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As many as 400 people in your 


company are 


making IT pur- 


chases, but few of them are 

taking steps like establishing 

the need, selecting a team and 
choosing a strategy. 


aan alt 
Ws 


We have 12 tips 
from IT managers 


who have given the 
vendor selection process a good 
deal of thought, as well as ad- 
vice on how to cut through the 


marketing blather. 


Stories begin on page 32. 
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IT CLAMPS DOWN ON 
RESEARCH SPENDING 


| Most budgets stand, but CIOs now want 


BY JULIA KING 

Despite the economic down- 
turn and layoffs at many of the 
big IT research firms, a recent 


| online and telephone survey of 


more than 50 CIOs suggests 


that most user companies have | 


yet to significantly cut back on 
their IT research spending. 

But they aren’t buying mar- 
ket and technology 
prognostications. What 


forecasts 


users | 


are willing to pay for ina tough | 


economy is the proverbial fish- 
highly 
and how-to 


ing lesson — specific, 


actionable advice 


information they can apply on | 


an ongoing basis. 

Lambert, director 
at $4 billion Wes- 
co Distribution Inc. in Pitts- 
burgh, part of his 
organization’s annual $100,000 
IT research budget on Cam- 
bridge, Mass.-based Giga In- 
formation Group Inc. 


Russ 


e-commerce 


spent 


of 


| specific, comparative product information 


“The of their work 
was to benchmark our e-com- 
merce site, then teach my Web 
marketing team how to bench- 
mark the site. They just don’t 
walk away [without training 
your staff ] so you have to hire 
them again,” Lambert said. 


Research Tips 


SCHEDULE reguiar 
meetings for IT research 
subscribers to share infor- 
mation staffwide. 
TAP INTO the IT exper- 
tise of similar companies 
through industry IT groups, 
such as the National Retail Feder- 
ation’s CIO Council. 
PARTICIPATE in IT 
research surveys in ex- 
change fox receiving 
reports and other information. 


scope 


IT SHOPS BALANCE SECURITY, PRIVACY 


Employee privacy key 


in cyberattack defense | 


BY DAN VERTON 
rhe threat of terrorist attacks 


against corporate America has | 


forced IT departments to try to 
figure out how to protect em- 
ployee when imple- 
menting security 
nologies. 

Companies can be held li- 
able if employees’ personal in- 


privacy 
new 


formation isn’t adequately safe- | 


| guarded, experts warn. So se- 


tech- | 


| 
| 


curity technology and service 
providers are increasingly be- 
ing called upon to 
their clients about privacy is- 
sues when those clients set out 
to enhance their employee au 
thentication and 
procedures. 
Rebecca Whitener, director 
of privacy Plano, 
Texas-based Electronic 
Systems Corp., said she 


educate 


services at 


of clients interested in biomet- 


ric access controls, employee | 


Privacy, page 16 


monitoring | 


Data | 
has | 
} seen an increase in the number | 


IO at Hannaford 
a 115-store grocery 
chain based in Scarborough, 
Maine, wants feature-by-fea- 
ture comparative product in- 
formation. 

Homa decided against cut- 
ting back on IT research for 
2002 in December, when the 
economic downturn worked to 
push up Hannaford’s acquisi- 
tion of a new mainframe, 
eral Unix servers plus new 

IT Research, page 65 


APPS SUPPORT 
LAGS, USERS SAY 


Managers want better 
patches, response times 


Bill Homa, ¢ 
Bros. Co., 


sev- 


BY MARC L. SONGINI 
New complaints about the 
technical support provided by 
vendors of enterprise applica- 
tions are surfacing, buttressed 
by surveys that indicate many 
users find support lacking. 

A half-dozen IT 
contacted by Computerworld 
last week gave vendors such as 
Oracle Corp. SAP AG 
mixed marks on technical sup- 
port. They pointed to issues 
such as hard-to-install patches 
and slow responses to requests 
for help in resolving problems. 

Those have long been bones 
of contention, but there are 
signs that a sizable number of 
users think things are getting 
worse. For example, more than 
one-third of the users who re- 
sponded to a survey conducted 
by the Atlanta-based Oracle 
Applications Users Group and 
New York-based Morgan Stan- 

Apps Support, page 65 


managers 


and 





AT ONE TIME, DATA STORAGE 
AND AT ONE TIME, THIS 


> . 
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‘and Solaris are trademarks or registered trademarks of Sun Microsystems, lnc. in the United States and other counteie’. 





JUST MEANT HAVING A BOX. 
WAS A WICKED HAIRCUT. 


Introducing Sun’s complete storage solutions. A new approach 
to storage that can make you look pretty sharp. 


In today’s complex, data-hungry IT environment, storage has to be a lot more than just a box. You need your storage to be an 
integrated part of your entire IT infrastructure. How are you going to get there? With complete storage solutions from Sun. By 
thinking about your IT infrastructure as a whole, you can reduce complexity throughout your enterprise. And with Sun StorEdge; 
this practical approach to storage now exists. All of Sun’s new stcrage products - software, hardware and services - are part of 
Sun’s end-to-end IT infrastiucture. And all of our products are optimized for the So.aris” Operating Environment, yet open to 
heterogeneous environments. Everything can now work as one. And that means more utilization of your storage resources, with 
unparalleled uptime and a lower cost of ownership, even if you’re on a multi-vendor system. 


Software 

With the new Sun StorEdge software suites, 
you have complete control over all your 
storage resources: 


Availability Suite: for increased uptime and 
rapid recovery from disasters. 


Utilization Suite: so you can uncover every 
nook and cranny of available storage. 


Resource Management Suite: lets you 
proactively manage your storage capacity. 


Performance Suite: provides quick data 
access, continually protected information 
and our new next-generation file system. 


Industry-Leading Scalability 


(252 terabytes) 


terabytes 


(2 terabyie) 


Traditional file systems Sun QFS & SAM - FS 





Systems 

Our storage systems, ranging from the 
workgroup to the data center, are optimized 
to your environment: 


New Sun StorEdge 3900 series: delivers the 


best high-performance computing available. 


4x the Bandwidth" 
1,60 
SR sd 
1,400 } perry 


MB/second 


New Sun StorEdge 6900 series: integrated 
virtualization technology lets you pool 
every last byte of storage capacity and 
share it across multiple systems, so you 


can consolidate all your storage resources. 


The Sun StorEdge 9900 series: simply delivers 
best-in-class storage performance, five-9s 
availability and connectivity for your 
mission-critical data center. 





Services 

Sun’s services team can help you build a 
storage environment that’s custom-fit to 
your enterprise. 


Because our focus isn’t limited to storage, 
you can benefit from our comprehensive 
understanding of the interdependence 
between your storage, servers, software 
and the network. 


We can also provide handy assistance on 
everything from general consulting and 
implementation to the finer points of data 
management planning. 


Finally, because we know prevention is 
the best medicine, we offer Sun StorEdge 
Remote Response: pre-emptive support 
that gives you round-the-clock monitoring 
of your storage. 


You get everything you need to maximize 
your return and minimize your costs. 





Storage for Solaris or a heterogeneous environment? Why not both? 
If you’re already using Sun’s rock-solid servers and award-winning Solaris Operating Environment (rated the #1 OE by 
D.H. Brown Associates), you can be sure that Sun StorEdge is optimized to get the most out of your storage resources. 
And if your environment includes other operating systems and server platforms (such as NT, Linux or AIX), our open 
solutions will make your storage work harder and smarter. 


For more information on Sun’s complete storage solutions, all you have to do is take the first step. 
Visit www.sun.com/sunstorage, or contact your Sun representative. 


& Sun 


microsystems 





SOFTWARE THAT GIVES CHILDREN 
A SECOND CHANCE AT LIFE. 


We make more 
kinds of software 
for more kinds of 
computers than 
anyone else in 
the world 
But there’s none 

we're more proud 
of than the virtual 
surgery software 
we helped 

Our new virtual surgery software 
helps produce better cleft surgeons in 
a fraction of the time it used to take. 


develop for The 
Smile Train 

The Smile Train 
is an international charity dedicated to helping children 
with cleft lips and palates 

This year, The Smile Train will provide free cleft sur 
gery for more than 25,000 desperately poor children 
who have no place else to turn. In as litle as 45 min- 


f 
t 


utes and for just $250, The Smile Train can give a 
child not just a new sir ile, but a second chance at life 

What makes The Smile Train unique is that every 
surgery it provides is pe formed by local doctors ir 
devel ping countries. By using virtual surgery sottware 
The Smile Train is able to provide free igh-quality 
training for doctors half a world away. This software 
will produce better cleft surgeons in a fraction of 

> If used to take 

Visit www.omil 
And if you want to help them change the 


j | 
world one smile at a time 


make a donation, and we’ 
match it 1]OO% 


romise it will not 


To make a tax deductible donation call 
77-KID-SMILE or visit www.SmileTrain org 
00% of donations go towards programs 


In as littlefs 45 minutes and fo 1-8 
just $2505 The Smile Train can 


give a child _nét just a new smile ; a aaa 
but a newlife. U% to overhead or administration 


CA will match every donation dollar for dollar. 


Computer Associates” 





~~ SAFE LANDINGS FOR Cl0s 


Because a growing number of IT executives have reached the 


board level, it’s important to make sure that your contract covers 
you in the event your company is acquired or goes bankrupt, or 


your career veers off in another direction. PAGE 40 


NEWS 6 


6 Corporate users are receptive 
to talk of Microsoft’s entry into 
storage and security software. 


7 CAcan’t catch a break as re- 
ports emerge of a federal investiga- 
tion into its accounting practices. 


8 Oil and gas companies form an 
information-sharing system to help 
guard against physical assaults and 
cyberattacks. 


10 IBM and HP both make server 


announcements aimed at enabling 
users to consolidate their apps. 


12 ICANN faces up to security 
holes in the Internet’s Domain 
Name System. 


14 Tough economic times compel 
companies to charge departments 
for the data storage space they use. 


Quick For — news, updated 
twice daily, visit Computer- 
wmke world.com 


LINK rerican’ 


BEING READY 


Many companies have lots of work 
to do to when it comes to disaster 
preparedness, writes Doran Boros- 
ki at Compass America in our 
Security Community. 
www.computerworld.com/security 
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BUSINESS == 29 


29 Joe Auer poses the following 
question when you sign a contract 
with a vendor: Are you acquiring 
results or resources? How you 
answer can impact your responsi- 
bility for the final results, he says. 


32 Picking a vendor isn’t just 
about setting a strategy, it also 
includes getting buy-in from your 
different departments and making 
sure the deal makes financial sense 
for both parties. 


38 Drexel University may be a 
not-for-profit institution, but that 
hasn’t stopped IT chief John Bielec 
from raking in big bucks to bolster 
his IT budget. 


42 Fran Quittel offers advice to 
an independent consultant who 
hasn’t gotten any nibbles on sever- 
al proposals he’s written and to a 
recent college grad with Java and 
Oracle experience who’s looking to 
move up froin his position as a 
support specialist at a telecom. 


TECHNOLOGY 49 


45 Columnist Nicholas Petreley 
expands on his view that IBM has 
an ace in the hole called “hardware 
devolution.” 


46 Job scheduling tools, those 
venerable IT workhorses, are now 
XML-enabled, event-driven and 
work across multiple platforms, 
representing several leaps forward 
from their mainframe-era prede- 
cessors. 


50 Future Watch: New tech- 
niques in programming computers 
to play games are likely to find use 
elsewhere, say experts. 


52 QuickStudy: Find out about 
the protocols that make a cable 
more than just a wire in this week’s 
tutorial. 


54 Security Journal: Security 
tools identify a potential hacker, 
but human detective work by secu- 
rity manager Vince Tuesday and 
his staff finally closes the case. 


WWW.COMPUTERWORLD.COM 


THE COURTS 
AND THE CODE 


What do you think of a federal 
judge’s ruling ordering Microsoft 
to show its Windows source code 
to the nine states that didn’t go 
along with the Justice Depart- 
ment’s antitrust case settlement? 
Post your thoughts and read what 
others have to say in our forum. 
www.computerworld.com/q?a1600 





WHAT'S A QUICKLINK? 


QuickLinks are an easy way to find Com- 
puterworld content online. On some pages 
in this issue, you'll see a QuickLink code 
pointing to additional, related content on 
our Web site. 

QuickLinks include a full Web site 
address - such as www.computer 
worid.com/q?a1600 - that you can 


TRANSFORMING 
ENERGY 


In 1999, Exelon Corp. software de- 
veloper Ron Swartz (center) start- 
ed shadowing traders like George 
Barnes and Joe MacCrory to see 
how IT systems could automate 


and simplify their work. PAGE 48 


SATS. STREET LOR a 


OPINIONS © 24 


‘4 Maryfran Johnson says data 
privacy protection is just like air- 
line security today and asks if your 
privacy practices would satisfy 
customers and the government. 


+ Pimm Fox writes that the Lib- 
erty Alliance isn’t considering 
what users want in its push for a 
Web services standard. 


Michael Gartenberg says IT 
departments should unshackle re- 
strictive policies and issue more 
laptops to their end users. 


Sun’s Scott McNealy and 
Microsoft’s Brian Arbogast face off 
over trust in Web services. 


6 Frank Hayes urges IT not to 
be sloppy with the administration 
of Web servers and in securing the 
data that reside on them. 


Editorial/Letters 24, 25, 26 
How to Contact CW 64 
Company Index 64 
Shark Tank 66 


type into your browser. 

Or you can head to the QuickLink 
page at www.computerworid.com/ 
quicklink and type the QuickLink code 
~ the five characters at the end of the 
Web address, after the question mark - 
into the box and then click on Go. 

Use QuickLinks to see related stories, 
discussion forums, research links, 
archives and more. 








Microsoft Patches 
Three Holes. . . 


Microsoft Corp. released three sepa- | 


rate software patches for security 
vulnerabilities that could affect 
some of its key products, including 
Internet Explorer, Windows XP, SQL 
Server 2000 and Commerce Server 
2000. The security holes were all 
given “critical” severity ratings by 
Microsoft, which urged systems ad- 


ministrators to install the patches as_| 


soon as possible. 


_.. And Readies Tool 
For Security Scans 


Microsoft next month plans to ship 
a free tool that’s designed to scan 


vulnerabilities in the operating sys- 
tem itself as well as the company’s 


ty Analyzer supports Windows XP, 
Windows 2000 and Windows NT 


4.0 and will replace an earlier piece 
of freeware released last summer. 


Enron to Auction Its 
U.K. Unit's IT Assets 


Houston-based Enron Corp. plans to 


sell the IT equipment and other as- 
sets used by its London-based unit 
in a three-day online auction that 
starts Wednesday. The sale includes 
50 Cisco Systems inc. switches and 
routers, 3,000 Compaq Computer 
Corp. PCs and 500 Compag and 
Sun Microsystems Inc. servers. The 
auction will take place at www. 
dovebid.com, which is owned by 
DoveBid Inc. in Foster City, Calif. 


SafeWeb Plugs 
Holes in Privacy Tool 


Emeryville, Calif.-based SafeWeb 
Inc. said it patched security vulner- 
abilities in an online privacy soft- 
ware tool that it developed. The 
holes, which were reported this 
month by two security researchers, 
involve the software's use of Java- 
Script and master cookies. 


| BY CAROL SLIWA 


| nology developments in the 


| interested in new storage and 
| security offerings from Micro- 
| soft because they have exten- 
Windows-based systems for security | 
| Windows server operating sys- 
| tem to run their applications. 

other products. The Baseline Securi- | 


NEWS 


Microsoft Explores 


New Software Areas 


Users express potential interest in getting 


storage, security offerings from vendor | 


ICROSOFT Corp. 
will find some 
receptive cor- 
porate users as 
it explores part- 
nerships and potential tech- 


storage and security software 
markets. 

Several corporate users said 
last week that they would be | 





sively deployed the vendor’s 


Tom Pane, vice president of 


Mixed Expectations for New Products | 


| additional management capa- | 
| bilities, would also be too ex- 
| pensive, said Clark, so he has 
| three staffers monitoring stor- 
| age manually. 


Speculation is mounting among 
industry observers about Micro- 
soft's potential new storage and 
security offerings, but the compa- | 
ny remains mum on the details. 

Rob Enderle, an analyst at 
Cambridge, Mass.-based Giga 
Information Group Inc., said it 
wouldn't be unprecedented for 
Microsoft to create new product 
divisions only to later decide to 
partner rather than build new 
software itself. However, Enderle 
said he thinks Microsoft will move 
forward on storage to fill out its 
portfolio of server software 

“They increasingly find them- 
selves bidding against products 
like IBM's WebSphere, which 
seem more complete because 
they can connect to these other 
offerings from IBM,” Enderle said 

John Pescatore, an analyst at 
Stamford, Conn.-based Gartner 
Inc., predicted that Microsoft will 
make a bigger push into the con- 
sumer security sector with anti- 
virus software or personal firewall 
services, rather than into the en- 
terprise software space, which is 
increasingly being dominated by 


| about 


| technology at New York-based | 


AnnTaylor Stores Corp., said 


the retailer has more than 100 | 
plus | 


Windows NT 
25 Unix servers from 
Sun Microsystems Inc. 

To monitor storage, AnnTay- 


servers, 


Texas-based Tivoli Systems 
Inc. But Pane said he would 
like to get more detailed analy- 
sis than the tool provides. 


Pane said the Tivoli product 


can tell him when his servers 
reach 75% capacity, but it won't 


manage volume or show dwin- | 
dling disk space and growth | 
| trends that could help him make 


storage migration decisions. 


‘They're way too late to do any- 
thing meaningful,” Pescatore said 
To date, many of Microsoft's 

storage offerings have been li- 
censed from other companies, 
such as Mountain View, Calif.- 
based Veritas Software Corp., said 
Bill North, an analyst at Framing 
ham, Mass.-based IDC 

Going forward, North said, he 
thinks Microsoft will both partner 
with other vendors and build its 
own storage software products. 

Nancy Marrone, an analyst 
at Milford, Mass.-based Enter- 
prise Storage Group Inc., said 
it’s conceivable that Microsoft 
will have offerings in storage net- 
work management, storage re- 
source management, data man- 
agement, virtualization and stor- 
age policy management, poten- 
tially thrusting the software maker 
into competition against vendors 
such as EMC Corp., IBM, Hew- 
lett-Packard Co. and BMC Soft 
ware Inc. 

“They see that something's a 
big market, and they're going to 
go take as much as they can of it,” 
said Marrone. 





security appliance hardware. 


| 





“You can buy from third-par- 
ty vendors, and you can string 
together solutions, but it really 
should be coming from Micro- 
soft themselves, and they’re 
not really there today,” he said. 

Frank Orlow, manager of 
Clark Retail Enterprises Inc. in 
Oak Brook, Ill, said he also 
would be interested in Micro- 
soft products for storage man- 


agement and security. “Any- 
lor uses a tool from Austin, | 


time you've got a bundled soft- 
ware environment with prod- 
ucts from the same company, 


| generally they play well to- 


gether,” he said. 


Prohibitive Costs 


Orlow said he checked out | 


Microsoft Operations Manager 


to help with volume-level stor- | 


age management but found the 


| cost — approximately $700 per 


processor — prohibitive for his 
36 Windows servers. 
A storage-area 


Jim Prevo, CIO at 


| cea eae 
| Mountain Coffee Roaster Inc. in 


| Computer Corp. to 
| storage capacity in 45 Windows | 
| 2000 and NT servers. He said | 


, é 
Waterbury, Vt., said he carefully | 
| designed his company’s storage 


and uses tools from Compaq 
monitor 


| that he hasn’t seen how enter- 


| month 


| | prise storage would benefit his 
| company but always pays atten- 
| tion to Microsoft’s products. 


Microsoft provided no de- 
tails about its existing or po- 


| tential offerings in the storage 


or security markets. 
The maker 
announced 


software 
internally 


| that Mike Nash would head its 


new security business unit, ac- 
cording to company spokes- 


man Dan Leach. Nash is due to | 


complete his transition from 


| Microsoft's content develop- | 

|| ment and delivery group to the 
| security unit within the next 
| two months, Leach said. 


network | 
(SAN), which would provide | 


Green | 
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IT Rumor 
Microsoft isn’t saying much 
about its potential forays into 
the storage and security mar- 
kets, but analysts are. Rumors 
include the following: 


® Microsoft will take a stab 

at antivirus software, now 
controlled by McAfee.com and 
Symantec. 


® Microsoft will link up with stor- 
age hardware wannabe Dell. 


Windows the dominant operat- 
ing system in network-attached 
storage devices. 


® Microsoft will take on EMC, 
IBM, HP and BMC in storage 


: 
® Microsoft will work on making | 
| 
management 


The first product due from 
Nash’s division is the next ver- 
sion of Microsoft’s Internet 
Security and Administration 
Server, an enterprise firewall 
and caching tool, Leach said. 

Fresh off his efforts to launch 
Microsoft’s .Net consumer ser- 
vices group, Senior Vice Presi- 
dent Bob Muglia switched 
gears in November to head Mi- 
crosoft’s new enterprise stor- 
age services group, Leach said. 

Muglia’s group is charged 
with developing “a cohesive 
product and business strategy 
for the evolution of Microsoft 


| file systems, network-attached 


storage, [SANs], backup, con- 


| tinuous availability and storage 


resource management,” accord- 
ing to Microsoft’s Web site. 
“Storage management is a 
real pain point out there, and 
Bob is looking at what steps 


| Microsoft can take to better 
| explore that for customers,” 
| Leach said, noting that Muglia’s 
| group will consider both part- 
nerships and potential technol- 
last | 


ogy developments. 

“Beyond that, no business 
decisions have been made,” 
Leach added. 

Leach said Muglia will re- 
port directly to Jim Allchin, 
group vice president of plat- 
forms. Nash will report to Bri- 
an Valentine, vice president of 
the Windows division, who re- 
ports to Allchin. D 
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CA Users, Analysts Downplay Reports of 
Federal Investigation Into Firm's Finances 


But vendor’s image problems shouldn’ t have 
effect on software customers, say analysts 


BY MARC L. SONGINI 

Adding to what for the past 
year has been a relentless se- 
ries of image-related problems 
for Computer Associates Inter- 
national Inc., the federal gov- 
ernment is reported to be in- 
vestigating the software ven- 
dor’s accounting procedures to 
determine whether it has en- 
gaged in any unlawful activity. 

Several last 
week reported that the U.S. at- 
torney’s office for the Eastern 
District of New York has 
launched a preliminary investi- 
gation of Islandia, N.Y.-based 
CA’s accounting practices. Wil- 
liam Muller, executive assistant 
to the U.S. attorney in Brook- 
lyn, said he couldn’t confirm or 
deny whether an investigation 
is under way. However, Com- 
puterworld has learned that 
members of the 
fice have interviewed a former 
CA employee, who said they 
were looking for possible “evi- 
dence of fraudulent deception.” 

CA officials said on Friday 
that they were aware that the 
company is under preliminary 
inquiry by the U.S. attorney’s 
office and by the Securities 
and Exchange Commission but 
that they did not know the de- 
tails of either inquiry. 

“We'd like to know what’s go- 
ing on,” said Sanjay Kumar, CA's 
president and CEO. “And we’re 
eager to answer questions.” 

Kumar denied that CA uses 
deceptive accounting to boost 
its revenue. CA’s reporting is 
“much more detailed than our 
peers in enterprise 
companies,” 
are very frustrating 
times,” Kumar added. “The 
market is shooting first and 
and asking questions later.” 

In any case, some users and 
analysts said there will be little 
fallout for CA’s customers. 

“This is more an issue for 


media outlets 


attorney’s of- 


software 
he said. 
“These 


Wall Street,” said Jeff Adams, 
IT director at The Belden 
Brick Co. in Canton, Ohio, 
which uses CA’s Unicenter sys- 
tems management framework 
and Jasmine ii middleware 
products. “From my own per- 
spective, I don’t care about 
their accounting, as long as at 
the end of the day 
collapse the company.” 
Although it can be a tough 
negotiator, CA has dealt with 
Belden honestly, Adams said. 
And since the proxy campaign 
to unseat the company’s board 
of directors last summer, the CA 


it doesn’t 


| investigation is no 
| said Irwin in 


personnel with whom he has 
| dealt have 


“been much more 
open in their dealings and been 
much more straightforward.” 

Sherry Irwin, chairwoman 
of the Toronto-based Canadian 
Software Management 
Users’ Group, appeared un- 
fazed by the reports. 

“There has been speculation 
for some months now that cer- 
tain of CA’s accounting prac- 
tices were questionable, so this 
surprise,” 
a written state- 
From the users’ perspec 


Asset 


ment. “ 


| tive, this type of scrutiny gener- 
| ally has a positive impact in that 
| the vendor becomes that much 


more consistent in its sales and 
accounting practices.” 


“These kinds of accusations 


U.S. Digital Goods to Face 
European Value-Added Tax 


U.S. businesses say 
compliance too costly 


BY PATRICK THIBODEAU 
NASHINGTON 

A new European Union law 
due to take effect next year will 
require U.S. companies that 
sell digital products to collect 
taxes from EU customers. It 
would also hold them respon- 
sible for applying a value- 
added tax (VAT) on every sale 
and then sending that tax pay- 
ment across the ocean — even 
if the company has no Euro- 
pean office. 

“It will definitely complicate 
said Stephen Pen- 
dergrast, co-owner of electron- 
ic bookseller and publisher 
Fictionwise Inc. in Chatham, 
NJ. Canadian and European 
customers buy about 20% to 
the approximately 
10,000 electronic books the 
company sells each month. 


our lives,” 


25% of 


Fictionwise and other busi- 
nesses that sell digital down- 
and soft- 


loads such as music 


ware, as well as subscription- 
based pay-per-view television 
and radio, will have to apply 
the VAT on each sale and remit 
the tax payment. VATs range 
from 15% to 25%, depending on 
the country. 
“We're talking 
sands and thousands in costs 


about thou- 
that we would be forced to in- 
cur, That in- 
cludes at least a week of pro- 
gramming staff time, he said. 
The Bush administration 
opposes the VAT on digital 
Kenneth Dam, deputy 
treasury said the 
plan puts burdens on U.S. busi- 
that would be 
than those on their 
competitors. He 


” said Pendergrast. 


goods. 
secretary, 
nesses “more 
onerous” 
European 
specifically warned of its po- 
tential to trigger a trade war. 
EU companies already col- 
lect VATs on digital goods, but | 
they pay the taxes where they 


have swirled around CA for a 
long time,” said Richard Ptak, 
an analyst at Hurwitz Group 
Inc. in Framingham, Mass. “I 
think CA has probably used 
any legal and creatively legal 
means available to it to present 
its business position in the best 
light possible. I do not believe 
any of CA's executives or em- 
ployees have used any illegal 


means or deliberately issued 


false information about their 
business performance.” 

Ptak said he had spoken with 
several former CA e mploye es 
and of them have of- 
fered or shown any evidence to 
back up these claims.” D 


“none 


IDG News Service correspon 
dents Laura Rohde and George 
A. Chidi Jr. contributed to this 
report. 


It’s Always Something 
In the past year, CA has suffered several blows to its image: 


MAY CA had to correct a preliminary overstatement in reporting its annual 


earnings. The company had already started to use a new accounting model that 
books income as it comes in on a montiily basis rather than for the entire value 


of the contract upfront, provoking controversy. 


JUNE Texas billionaire Sam Wyly launched an unsuccessful but highly 
public proxy campaign to unseat CA's board of directors. 


OCTOBER The U.S. Department of Justice hit CA with an antitrust lawsuit 
over the firm's handling its buyout of Platinum Technology International Inc. 


FEBRUARY Moody's Investors Service said it was reviewing CA for a 


possible credit downgrade. — 


are headquartered, while non- 
EU businesses will do so based 
on where their customers live. 
It’s unknown how far the EU 
will go in enforcing the law, 
particularly on businesses with 
no physical presence in Europe. 
The EU could attempt to get 
an Internet service provider to 
block a Web site or 
one of your company execu- 
tives to take a vacation to Paris 


What's Going On 


July 2003 
U.S. businesses selling digital goods 
in Europe will have to collect a VAT. 


| Threshold 
The law applies only to businesses 
that sell more than 100,000 euros 
or $90,000 worth of digital goods 
annually. 


U.S. Position — 
The law puts U.S. firms at a com- 
petitive disadvantage. In particular, 
U.S. companies must verify cus- 
tomer locations. EU-based firms 

| collect a VAT based on their own lo- 
cations; U.S. companies would col- 
lect based on customers’ ‘locations. 


“wait for 


The U.S. says the issue could 
| trigger a trade war. 


and arrest him on criminal ta> 

evasion charges when he gets 
there,” Mark Nebergall, 
chairman of the Internet Tax 
Fairness Coalition, a Washing- 
ton-based group that opposes 


said 


expanded tax collection oblig- 
ations on e-businesses. 

But businesses may feel the 
need to collect the tax if they 
want to negotiate and enforce 
contracts or office 
in Europe, said Karl Frieden, 
a partner at Chicago-based 
Arthur A and 
ternet taxation expert. 

The flip side of the problem 
is customer compliance. 
verification 
tems used in credit card pur- 
chases don’t necessarily work 
in Europe. 
list home countries where the 
VAT doesn’t said Pen- 
dergrast. “There are so many 
ways for the to subvert 
[paying] the tax,” he said. 

The looming European tax 


open an 


ndersen an In- 


Address sys- 


Also, customers can 
apply, 


user 


collection requirement is alien 
to anything that U.S. law re- 
quires. U.S. companies are re- 
quired to collect sales taxes 
only in states where they have 
a physical presence, although 
some states are pushing Con- 
gress to change that. D 








NEWS 


Energy Firms Move to © 
Thwart Cyberattacks 


Industry Information-Sharing and Analysis 
Center prepares for widespread initiative 


BY MICHAEL MEEHAN 
NERGY INDUSTRY gi- 
ants are preparing to 
make a major push 


into the information- | 
sharing arena, hop- | 


ing that a sophisticated alert 
system will protect the nation’s 
critical fuel infrastructure from 


physical assaults and cyber- | 


attacks. 
Following a model used in 
the financial services and high- 
tech industries, oil 
companies have formed the 
Energy Information Sharing 
and 
The center began 
in November among founding 
members, including Conoco 
Inc., 
ronTexaco Corp. and BP PLC. 


The group intends to push the | 
center as an industry-standard | 


defense mechanism. 


“Maintaining the integrity of | 


those [IT] systems has become 


an increasing concern in our | 
said Bobby Gillam, 

manager for global security at | 
“We | 
have to make sure that our crit- | 
ical infrastructure is protected | 
from both cyber and physical | 


industry,” 


Houston-based Conoco. 


threats.” 


Daily Threats 


Sarah Jensen, manager of en- 
security at Char- 
based Duke Energy, 


terprise IT 
lotte, N.C 


said that each day, her division | 
tackles threats caused by faulty 


technology or inadvertently 


exposed applications, creating | 
the need for round-the-clock | 


vigilance. 
“I'd like to grow the ISAC so 
it makes my job easier, 


stop shopping. Right now, I’ve 
got my staff checking all these 
different agency and vendors’ 
sites looking for information.” 
Predictive Systems Inc. in 


and gas | 





Analysis Center (ISAC). | 
operating | 





Duke Energy Corp., Chev- | 


"Jensen | 
said. “My goal is to create one- 


| New York has been tapped to | 


run the ISAC on a Unix server 
farm in Reston, Va. 

Anish Bhimani, 
nology officer at 
Systems, said that 


chief tech- 


behalf of the financial services 
industry and foreign countries 
have allowed users to 
anonymous information 
receive classified alerts. 
Alerts can be labeled “nor- 
mal,” “urgent” or “crisis-level.” 


and 


Bhimani said a tip received two | 
weeks ago gave ISAC members | 
a head start on tackling flawed | 


Simple Network Management 


Protocol (SNMP) installations. | 
Last week, Computerworld re- | 


U.S. Firms Look North for Outsourcing Help 


Predictive | 
previous | 
ISACs the company has run on | 


post | 
| tonio-based oil refiner Tesoro 





| ported on a warning that hun- 
| dreds of hardware and software 
| products with built-in support 


for SNMP are vulnerable to at- 
tack [Page One, Feb. 18]. 

“Every hour counts in these 
situations,” said Bhimani. 

While ISACs do a good job 
of disseminating alerts from 
government agencies, energy 
firms will need to rethink how 
their IT infrastructures push 
information out to the rest of 
the industry, said Gillam. 

Mark Evans, CIO at San An- 


Petroleum Inc., noted that it’s 
difficult to draw information 
from the Supervisory Control 
and Data Acquisition systems 
that run the operations of most 
oil and gas companies. 

“For a long time, we’ve been 
unable to share that informa- 





tion within our own company,” | 


Currency exchange rate, proximity and 
similar culture make Canada viable choice 


BY JAIKUMAR VIJAYAN 
So-called nearshore outsourc- 
ing from 
Canada have become an alter- 
native to traditional offshore 
arrangements for some USS. 
companies that are looking to 
cut their IT costs. 

The cheaper dollar and low- 
er labor costs in Canada, as 


services delivered 


well as the geographic proxim- | 


ity and cultural similarities be- 
tween that country and 
US., 
nies such as Worcester, Mass.- 
based Allmerica Financial Corp. 

Allmerica outsourced appli- 
cation development and main- 
tenance for two of its business 
units to Keane Inc. in a deal 
signed in late 2000 and ex- 
panded last month. While cut- 
ting costs wasn’t a fundamen- 


| Outsourcing to Canada can 
the | 
are big draws for compa- | 





tal driver of the outsourcing 
decision, the move has resulted 
in a 20% savings in software- 
related expenses, said All- | 
merica CIO Greg Tranter. 

Much of that 
derived from 


IT Migration 


savings was 
Boston-based 


offer the following benefits: 
w The work can be done more cheaply 
than in the U.S 


@ Travel and communication costs are 
lower than they would be in more distant 
countries 


w There are fewer cultural differences to 
deal with among workers 


w There are no major time zone differences 


| from Canada are typically able 
| to shave 15% to 25% off the 
| costs of doing the same work in 





that can disrupt interaction 


Evans said. “That’s really the 
first step.” 

Gillam said companies will 
likely be reluctant to share in- 
cident information with fed- 
eral authorities unless the gov- 
ernment can ensure the priva- 
cy of that information. 

Bhimani said real-time IT 
capabilities — as well as confi- 
dence that shared information 
can be kept confidential — will 
be critical. 

“Right now, we get a lot of, 


Critical Protection 
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‘Here’s what happened, and 
here’s what we did about it’ 
submissions, as opposed to, 
‘Something just happened — 
everybody duck’ warnings,” he 
said. “To get to that next step, 
it’s going to require some phys- 
ical and cultural changes in the 
industry.” 

Founding members of ISAC 
also plan to establish an IT 
best-practices list so that users 
will be able to turn the infor- 
mation into action. D 


A National Petroleum Council report last year found weaknesses 
in the IT infrastructure for oil and gas companies, including im- 
mature response and recovery capabilities and a lack of a real- 
time alert system. Here are some of its recommendations: 


= Each company should conduct regular vulnerability assessments of its 


own systems and those of its partners. 


a = The industry and government should advocate the development, ‘adoption 


and implementation of global IT management processes, based on the 
International Standards Organization model. 


Companies need to enhance response and recovery plans with an eye 


toward regional planning and infrastructure interdependence. 


= Anoil and gas industry ISAC should be formed to provide alerts to all_ 
member companies. 


Keane’s use of its facility in 
Halifax, Nova Scotia, to deliver 
services to Allmerica, Tranter 
said. Allmerica also consid- 
ered using offshore firms, but 
the company decided that it 
could get some of the same ef- 
ficiencies taking the nearshore 
approach, without having to 
deal with as many cultural 
differences and travel issues, 
Tranter explained. 

“We just feel a lot more com- 
fortable with this,” he said. 

IT services firms working 


the U.S because of the curren- 
cy exchange rate, said Michael 
Filak, a senior vice president 
at Montreal-based outsourcing 
vendor CGI Group Inc. 

Last October, for instance, 
CGI finalized a 10-year, $380 | 
million outsourcing contract 
with Novata, Calif.-based Fire- 
man’s Fund Insurance Co. A 





big part of the contract in- 
volves CGI taking over man- 
agement of the insurance com- 
pany’s mainframe data center 
in Phoenix. But as part of the 
deal, a CGI facility in Canada 
will also provide 24-hour sup- 
port services for more than 
11,000 PCs, laptops and print- 
ers used by Fireman’s Fund. 

Going forward, applications 
such as e-mail and general 
ledger functions would be can- 
didates for similar outsourcing 
arrangements, said Fireman’s 
Fund CIO Billy McCarter. 

“So far, the transition to CGI 
has worked very well,” Mc- 
Carter said, adding that the 
deal should lower the insurer’s 
overall IT infrastructure costs 


| by about 21%. 


Bruce Caldwell, an analyst 
at San Jose-based Dataquest 
Inc., said that outsourcing work 
to Canadian services firms can 
be especially attractive on 
projects that require a high 
degree of interaction between 
U.S-based IT staffs and exter- 
nal programming and develop- 
ment teams. D 
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Two Intel Executives 
To Share IT Duties 


Intel Corp. named Douglas Busch 
and Sandra Morris as co-ClOs. 
Busch, 48, was director of IT at 
Intel, and Morris, 47, was in charge 
of the chip maker's business-to- 
business projects. Intel had never 
formally filled the ClO position. 
Falls Church, Va.-based Capital One 
Financial Corp. dropped a co-CiO 
arrangement last fall, but several 
other companies retain such setups. 


Prof Named to Inspect 
Windows Source Code 


U.S. District Court Judge Colleen 
Kollar-Kotelly appointed University 
of Utah computer science professor 
Lee Hollaar to inspect Microsoft 
Corp.’s Windows source code for 
the nine antitrust holdout states and 
the District of Columbia. The group 
hopes the review will show that Mi- 
crosoft can release a version of 
Windows without its applications. 
Microsoft says that can’t be done. 


IBM, VMware Team 
On Server Tools 


IBM said it plans to work with Palo 
Alto, Calif.-based VMware Inc. to 
develop dynamic logical partitioning 
capabilities for some of its Intel- 
based multiprocessor servers. The 
technology is intended to let users 
configure IBM's xSeries 360 
servers as up to 20 separate virtual 
machines, IBM said. Shipments of 
the virtualization tools are expected 
to start in the third quarter. 


| plications on zSeries 800s. 








| New entry-level zSeries system includes 


NEWS | 
M Puts Mainframe 
‘Tools in Smaller Box 


technology from higher-end machines 


| 
BY JAIKUMAR VIJAYAN | 


SERS hungry for 


mainframe pow- | 
er but unwilling | 
to shell out the 

big bucks for it | 


may have a new option in the | 
| eServer zSeries 800 line that 


IBM announced last week. 
With prices starting at less 
than $400,000, an entry-level 


| zSeries 800 mainframe costs | 


just one-third the price of an | 


| entry-level 64-bit zSeries 900 


system while offering much of | 


| the same functionality, accord- 


ing to IBM. 
The new system is available 


| in eight models, including a 
| Linux-only 
| plans to market it for use in 

| consolidating applications ona | 


machine. IBM | 


single system and for running a | 


| range of e-commerce applica- | 


tions. 

IBM last week intro- | 
duced z/OS.e, a specially priced 
version of its 64-bit z/OS main- 
frame operating system. IBM 
will offer discounts on the soft- | 


also 


ware as an incentive for users 
who run new databases and ap- 


“The 800 
IBM’s commitment to provide 


zSeries shows 


| z-architecture [products] to a 


very broad range of customers 
and applications,” said Dan | 
Kaberon, Parallel Sysplex man- 


| ager at Hewitt Associates LLC, 
| a Lincolnshire, Ill.-based hu- 


| Man resources outsourcer. 


Short Takes 


SUN MICROSYSTEMS INC. next 

month plans to ship an upgrade of 
its iPlanet Application Server soft- | 
ware with a set of prebuilt Java 
components for basic data process- 
ing tasks. . . . Denver-based soft- 
ware vendor J.D. EDWARDS & CO. 
reported a $4.1 million loss on rev- | 
enue of $200.6 million for its first | 
quarter ended Jan. 31. | 


Low-Cost Upgrade 

The zSeries 800 gives cur- | 
rent mainframe users a rela- 
| tively low-cost way to upgrade 


to IBM’s 64-bit zSeries archi- 
tecture, Kaberon said. And the 
zSeries 800’s load-balancing 


| and partitioning technologies 
| make it a good application- | 
for | 


consolidation platform 
first-time mainframe users, he 
said. 


| Rich 


PA 8700 


This isn’t IBM’s first attempt 
to lure new users to mainframe 
technology with low-price 
models. The company’s Multi- 
prise systems are also low-cost 
mainframes that IBM has been 
trying to pitch for the past few 


| years at new users, but without 
| much success, according to 
| analysts. 


The difference with the 
zSeries 800 is that this is the 
first low-price model to fea- 
ture the same _ technologies 


that are available in the more | 
said | 
IBM vice | 


z900 
an 
president. “This is a full- 
fledged mainframe in all re- 
gards,” he said. 

ZSeries 800 


expensive boxes, 


Lechner, 


systems can 


HP Aims Midrange Servers 
At Application Consolidation 


BY JAIKUMAR VIJAYAN 
Hewlett-Packard Co. is shoring 


| up its midrange Unix server 


family with a new eight-way 
system featuring technologies 
migrated from its high-end 
Superdome server. 


tioned as a server consolida- | 


tion system and as an engine 


| for running e-commerce, ser- 
vice provider, business intelli- | 


| 
HP rp7410 


gence and enterprise resource 
planning applications. 

The server is based on HP’s 
fea- 
tures the same _high-perfor- 
mance crossbar switching and 
cell-based architecture found 
in the Superdome system. 


processor and 


Though the rp7410 is much | 


smaller than the Superdome, it 
performs about 100,000 trans- 
actions per minute, which 


| zSeries 900 system, said David 


| well 
| workloads makes it a scalable | 





makes it a powerful box in 
| most situations, said Jonathan 


| This would have been a pretty 
The HP rp7410 system being | 
introduced this week is posi- | 


| availability technologies, said 


| ® Up to eight virtual partitions (available 


support up to four processors 
and a range of operating sys- 
tems, including z/OS, OS/390, | 
Linux, VM/ESA and VSE/ESA. 
The systems ship with 8GB of 
memory and support IBM’s 
HiperSocket technology for 
high-speed communications 
between partitions in a server. 
The system may appeal both 
to new users and to existing 
mainframe users who are hun- 
gry for new capacity but don’t 
want to invest in a 16-way 


Mastrobattista, an analyst at 
Cambridge, Mass.-based Giga 
Information Group Inc. “The 
zSeries 800 gives users the lat- 
est mainframe technology at 
very low cost,” he said. 

The system’s ability to run a | 
mix of operating systems as 
as traditional and new 


and flexible alternative to high- 


Eunice, an analyst at Nashua, | 
N.H.-based Illuminata Inc. 

“It’s midrange only in com- 
parison [to the Superdome].... 


fabulous high-end box a few | 
years ago,” he said. 

A key feature of the rp7410 is 
its support for a range of high- 


Features 


@ Up to eight PA 8700 CPUs at 650 MHz 
and 750 MHz 





later this year) 
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IBM's zSeries 800 


® Supports up to four processors 


= Can operate independently or 
as part of a Parallel Sysplex 
cluster of servers 


= Supports z/OS, 2/0S.e, z/VM, 
OS/390, VM/ESA, VSE/ESA, 
Linux for zSeries and Linux for 
S/390 operating systems 


® Supports up to 32GB of central 
memory, with 8GB standard. 


® Supports HiperSocket technol- 
ogy for high-speed communica- 
tions between partitions 


end Unix servers from compa- 
nies such as Sun Microsystems 
Inc., said Mike Kahn, an analyst 
at The Clipper Group Inc. in 
Weliesley, Mass. 

In another first, IBM said it 
will sell a majority of the new 
systems via resellers, who will 
also support and service the 
machines. Most of IBM’s high- 


| end mainframes are sold di- 


rectly. IBM said it expects re- 
sellers to ship more than 80% 
of the zSeries 800 systems. D 


Mark Hudson, an HP vice 


| president. 


For instance, technologies 


| such as self-healing caches, 


clustering and processor fail- 


| over allow the server to con- 


tinue operating through major 
failures and errors, 
Hudson said. 

With the rp7410, HP is also 
introducing dynamic virtual 
partitioning and hard parti- 
tioning capabilities in its mid- 
range lineup. Initially, only 
hard partitions will be sup- 


system 


| ported, but later this year, HP 


plans to introduce support for 
virtual partitions that allow 
users to run up to eight sepa- 
rate applications, each with its 
own copy of the operating sys- 


| tem, in the same box. 


Such capabilities are crucial 
for users looking to consoli- 
date multiple applications on 
large servers, said Sarang 
Ghatpande, an analyst at D.H. 
Brown Associates Inc. in Port 
Chester, N.Y. 

An entry-level rp7410 system 
with two processors and 2GB 
of memory costs $69,000. B 
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ICANN Panel Weighs 
DNS Vulnerabilities 


Head of new security committee says 
lower-level servers need more protection 


BY PATRICK THIBODEAU 

The Internet Software Con- 
sortium’s Berkeley Internet 
Name Domain (BIND) server 
software is the predominant 
system for running the Do- 
main Name System (DNS). 
The Internet Corporation for 
Assigned Names and Numbers 
(ICANN), the nonprofit group 
responsible for the stability of 
the Internet, recently formed a 
security committee aimed, in 
part, at examining DNS secu- 
rity holes, including BIND 
vulnerabilities. 

Stephen Crocker, who helped 
develop protocols for Arpanet, 
this month was named to lead 
the new committee. He spoke 
with Computerworld last week 
about some of the issues his 
committee is facing. 


ICANN is responsible for ensuring 
the stability of the DNS. From a se- 
curity perspective, what does that 
entail? One area is to work 
closely with [interested] par- 
ties to set the rules and proce- 
dures to ensure operations are 
smooth, reliable and resistant 
to being penetrated. There are 
also the root servers — the 
top-level machines that point 
to the .com, .biz, .org. and .net 
machines. There are 13 of 
these root servers around the 
world, and they are somewhat 
independent. It’s not terribly 
important who is in charge so 








much as whether or not every- 
body has the same shared pic- 
ture of what to do. 


BIND was recently cited by the 
CERT Coordination Center as its 
top vulnerability concern. How 
susceptible is BIND to attack, 
and what can be done about it? 
Actually, not all of the servers 
are running BIND these days. 
Some diversity has developed, 
and I expect this trend will 


| Automated system 


cuts help desk costs 
at health care firm 


BY DAN VERTON 

WellPoint Healthcare Net- 
works Inc., one of the largest 
publicly traded health care 


companies in the U.S., this 
| week 


will announce a deal 
with Courion Corp. to help put 
password management and 


| identity authentication back in 


the hands of its 16,000 users. 
WellPoint, formerly Blue 


| Cross of California, is using 


Framingham, Mass.-based 


| Courion’s PasswordCourier 


and ProfileCourier software to 
reduce help desk costs associ- 


ated with managing passwords | 


and to improve security by au- 
tomating password policy en- 
forcement. 

The Courion tools were de- 
ployed last month on Well- 
Point's network. 

Passwords are the main ve- 
hicle for WellPoint’s 16,000 
employees to gain access to the 
corporate network. However, 
recent mergers and acquisi- 





| spread across 80 offices that 





continue. That’s the good 
news. The bad news is that 
older versions of BIND are 
still in use. This is not general- 
ly true at the servers for the 





root-level or the top-level do- 
mains, but it is a 
problem at many of 
the lower-level 
servers. In general, 
the root servers and 
the top-level domain 
servers are generally 
more secure than 
many of the lower- 
level servers. 

There has also 
been in preparation 


tions, as well as a move last De- | 
cember from a mainframe en- 


vironment to a client/server | 
network, made password man- 
agement a nightmare for em- 
ployees who needed to syn- 
chronize access across multi- 
ple systems, said Tom Kiger, a 
data security engineer at 
Thousand Oaks, Calif.-based 
WellPoint. 

“We needed a way to get 
them back online quicker so 
that they could focus on their | 
jobs,” said Kiger, adding that 
the company’s workers are 


use seven different operating | 
systems. The use of Courion’s 
technology offers WellPoint 
what Kiger called a “self-ser- 
vice process” that didn’t force | 
the company to lock itself into 
a proprietary framework. 

Users access Password- | 
Courier through a Web brows- 
er or the Windows NT log-in 
prompt or via automated tele- 
phone response. The software | 
prompts users for specific an- 
swers to secret questions that 
they establish and links to an 
encrypted database where the 
authentication information is 
stored. 





CROCKER: Setting 
DNS operating 
rules a priority. 


| president at 


for several years the DNS Se- 
curity Protocol [a standard us- 
ing public keys], but it is not 
yet deployed. There are ques- 
tions about how soon it can be 
deployed. 


How vulnerable is DNS? I don’t 
know yet. I do know if you 
were to take down all the root 
servers and ask the question, 
“How much damage would 
there be and how soon?” the 
answer [would be] that the im- 
pact would only be 
incremental for a 
couple of days before 
real trouble set in. 
When you type in 
a name — www. 
icann.org, for in- 
stance — it has to be 
translated to an IP 
numeric address. 
Your machine has 
the address of the lo- 


WellPoint Workers Manage Own Passwords 


WellPoint outsources _ its 
help desk functions to Verizon 
Communications, and the last 
thing it wants is to pay Bed- 
minster, N.J.-based Verizon for 
each and every request made 
by an employee to have his 
password reset, said Kiger. 

“(Verizon has] a lot of re- 
sponsibilities outside of reset- 


| ting passwords, such as sup- 


porting our daily telecommu- 
nications needs,” he said. 

A typical help desk request 
can cost anywhere from $25 to 
$35, claimed Tom Rose, a vice 
Courion. “The 


PASSWORDCOURIER 


| Interoperability 


# |BM 0S/390 


OTHER USERS: The Boeing Co.., Dell 
Computer Corp., Exxon Mobil Corp., Fannie 
Mae, Kaiser Permanente, Lockheed Martin 
Corp., SunTrust Banks Inc., Target Corp 


| and the U.S. Bureau of the Census 
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| cal domain name server, usu- 
ally run by your ISP. If it does- 
n’t know what that translation 
is, then it passes it up the line. 
If it’s a top-level domain that 
it’s never seen, then it would 
go up to a root server. You can 
think of a root server as ma- 
chine whose name is simply 
“” [dot]. The root servers have 
pointers to all of the top-level 
domains — .com, .us, .uk. If 
you took out even all of the 
root servers, what would hap- 
pen is that brand-new at- 
tempts to resolve a name 
would be unanswered. But 
there are copies of the prima- 
ry information cached in 
many places, and the informa- 
tion is updated every couple 
of days before it’s refreshed. 
So if you had a disruption in 
connectivity, everything 
would still go along, but the 
updates would be disrupted. DB 


help desk employee has to 
challenge you to confirm your 
identity, log the call into the 
help desk system, manage au- 
dit logs and then has to go out 
across multiple platforms to 
change the password,” he said. 

Nancy Alter, director of IT 
customer support at Penn Mu- 
tual Life Insurance Co. in Hor- 
sham, Pa., said her company 
has been using Password- 
Courier for the past three 
years. The software has al- 
lowed Penn Mutual’s informa- 
tion security specialists to con- 
centrate on strategic projects 
instead of the 145 to 200 re- 
quests for password resets that 
the company had been dealing 
with every month, said Alter. 

“They’re not in the on- 
demand production mode that 
a help desk is in, so it would 
take 15 to 20 minutes, and that’s 
lost productivity,” she said. 

Penn Mutual plans to move 
to a self-service model some- 
time next year, Alter said. So 
far, the company has saved ap- 
proximately $17,000 to $20,000 
per year using the Courion 
software, she said. 

Pete Lindstrom, an analyst at 
Hurwitz Group Inc. in Framing- 
ham, Mass., said the decision to 
automate the password reset 
process should be “a slam- 





dunk for any enterprise.” D 
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Storage, Server Chargeback 
Software Gains Popularity 


Companies look to charge departments for 
disk space, say ROI makes it worthwhile 


BY LUCAS MEARIAN 
S THE ECONOMY 
continues to force 
IT shops to tighten 
their belts, some 
firms are turning 


to server and storage monitor- | 


ing software to restrict the 
amount of space used by busi- 
ness units and to charge those 
departments for their use of IT 
and data resources. 

Stamford, Conn.-based Gart- 
ner Inc. estimates that for 
every dollar spent on disk stor- 
age, it actually costs $7 more to 
manage that data. Because of 
the high cost of data manage- 
ment, companies are looking 
to software to help them better 
control business units’ use of 


IT resources, said Gartner ana- | 


lyst David Furlonger. 

With more than 25,000 em- 
ployees, UPMC Health Systems 
in Pittsburgh was concerned 
about network storage capacity 
being overtaken by personal 
data — more than 1.8TB worth. 

The additional management 
required for routine data back- 
ups and restores — as well as 
ongoing monitoring and main- 
tenance —- placed a burden on 
UPMC’s IT shop and cost extra 
in man-hours. 

On top of that, UPMC mi- 
grated from Novell Inc. Net- 
Ware to a Microsoft Corp. Win- 
dows NT server environment 
about seven years ago, which 
removed its ability to manage 
disk space allocation for users, 
said Karen Malik, manager of 
network servers and desktop 
design at UPMC, the largest 
nonprofit integrated health 
care system in the country. 

Now UPMC is considering 
a chargeback tool that comes 
with the latest version of a 
software package it installed 
two years ago. 





“It would be a huge process 
for us to implement that, but it 
would likely be worth it be- 
cause of the return on invest- 
ment,” which Malik said she 
has yet to calculate. 

Malik oversees a shop that 
maintains more than 325 Win- 
dows 2000 and NT servers. She 
also manages developers who 
set up desktop standards and 
create and deploy standard 


| desktop operating systems and 


software packages. 
Malik said one of the biggest 





problems she has run into with 
UPMC’s environment is the 
extent to which users eat up 
entire disks to store personal 
data, forcing her and her team 
to constantly ask people to 
delete files. And because the 
company doesn’t currently 
have a chargeback method, 
UPMC’s IT shop “financially 
supports all server hardware, 
and we can’t afford not to con- 
trol the disk usage,” she said. 

In addition, Malik said, noti- 
fying users that they needed 
to delete files was an arduous 
task that often left IT at critical 
levels of disk space. 

“First you have to do the re- 
porting on who’s using all your 





space and contact them and 
justify your case,” she said. 

In 1997, UPMC installed its 
first server and storage mon- 
itoring utility, called Quota 
Server, from Northern Parklife 
Inc. in Tampa, Fla. UPMC orig- 
inally purchased 12 licenses at 
$895 per server. The company 
has since updated the software 
three times. 

The tools allow systems ad- 
ministrators to set storage quo- 
tas and notify and lock users 
out of directories when they 
have reached preset limits. 

Malik said the chargeback 
feature that Northern Parklife 
will offer in its next version of 
Quota Server, which is due out 


Microsoft Opens Source Code to Integrators 


Says antitrust case 
didn’t lead to move 


BY CAROL SLIWA 
Microsoft Corp. last week an- 
nounced that its Windows 


| source-code sharing initiative 


is being extended to some 150 
systems integrators in more 
than 30 countries. 

A Microsoft spokesman said 
feedback from corporate users 


| factored into the company’s } 


decision to expand the pro- 
gram to Gold Support Services 
Certified Partners, or systems 
integrators, with more than 
1,500 seats of Windows and 


Level A or Level B premier | 


support agreements. 

The spokesman claimed that 
the source-code expansion has 
no relation to ongoing anti- 
trust litigation. Last week, the 
federal judge overseeing the 
antitrust case against Micro- 
soft ordered the company to 
open its source code for recent 
versions of Windows to the 
nine states that are plaintiffs in 





Source Access 


Microsoft has made its Win- 

dows source code available to 

the following audiences: 

# Enterprise customers with at least 
1,500 Windows seats 


= Systems integrators 


the case. “We’ve been working 
on this for quite some time. It 
does signal our commitment to 
sharing even more technical 
information about Windows,” 
the Microsoft spokesman said. 

But John McCarthy, an ana- 
lyst at Forrester Research Inc. 
in Cambridge, Mass., claimed 
that Microsoft isn’t only “try- 
ing to make nice from an 
antitrust perspective,” but it’s 
also seeking to blunt the force 
of open-source Linux. 

Among the many developers 
to whom Microsoft opened its 





Shared Source Initiative last 
year were about 1,700 world- 
wide enterprise customers, 
each of whom had more than 
1,500 seats of Windows cov- 
ered by enterprise or upgrade 
advantage agreements. 

The Enterprise Source Li- 
censing Program permits en- 
terprise users to access Win- 
dows source code to develop 
and debug internal applica- 
tions, as long as they don’t 
modify the source code. 

A Microsoft spokesman said 
that approximately 50 enter- 
prise customers are using the 
source code. But the prevalent 
reaction was “ ‘Gosh, we don’t 
want to spend our IT time 
digging into Microsoft source 
code, but it would be benefi- 
cial if our systems integrators 
could,’ ” he said. 

Frank Orlow, manager of 
technical services at Clark 
Retail Enterprises Inc. in Oak 
Brook, Ill. said it’s not a prior- 
ity for his firm. 

One reason that “nobody 
has the inclination” to access 
Microsoft’s source code is that 
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Payback Time 


Northern Parklife’s Quota 
Server, a server/storage 
monitoring utility, helps 
UPMC Health Systems do 
the following: 

Restrict unwanted file types 
from being stored on a server. 


Allow systems administrators to 
set storage quotas on disk objects. 


Notify users when they reach 
100% disk capacity. 
Provide e-mail notifications to 


users reaching storage thresholds, 
thus reducing calls to the help desk. 


Generate trend-analysis 
statistical reports for administrators. 


next month, is appealing. 

“We would be able to make 
individual departments pay 
for disk space they use. That 
way, we could use the money 
to purchase additional disk 
space,” Malik said. B 


the software maker has been 
“sheltering [itself ] for so many 
years,” said Tom Pane, vice 
president of technology at 
New York-based Ann Taylor 
Stores Corp. 

“Would we like sometimes 
to have the source code to look 
at it? Yeah, but it would be 
like once every three months,” 
Pane said. “We buy packages 
targeted for the NT environ- 
ment. I like to know that my 
vendor has access to that code. 
It isn’t the old days where we 
have systems programmers, 
and we tell IBM where they 
made a mistake. Those days 
are gone.” 

According to Microsoft, sys- 
tems integrators last year re- 
sponded to about | million cus- 
tomer support calls from Win- 
dows users in the U.S. Micro- 
soft claims the extension of 
its source-code program will 
help systems integrators more 
rapidly troubleshoot customer 
issues, fine-tune Windows- 
based custom applications and 
deliver security analysis and 
privacy verification. D 


IDG News Service correspon- 
dent George A. Chidi Jr. con- 
tributed to this report. 





peace 


and quiet can be the most 


reassuring sounds of all. 
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Microsoft Releases Its 
First SNMP Patch 


Microsoft Corp. issued a patch for 
Windows 2000 and Windows XP to 
plug security vulnerabilities that 
could affect users of Simple Net- 
work Management Protocol (SNMP) | 
services. The flaws exist in products | 
from numerous vendors and were 
disclosed two weeks ago by security 
researchers. Users of other Win- | 
dows releases should disable SNMP 
until patches for those operating 
systems are ready, Microsoft said. 


Security Groups Offer 
Cisco Testing Tool 


Two security research organizations | 
and the National Security Agency 
announced a free software tool for 
use in testing and configuring rout- 
ers made by Cisco Systems Inc. The 
tool and a supporting set of bench- 
mark guidelines are aimed at help- 
ing IT managers better secure Cis- 
co-based networks. Cisco said it 
evaluated early versions of the soft- 
ware and sees it as a useful tool. 
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Privacy 


authentication systems and 
tools for enforcing policies that 


| | 
| cover acceptable use of compa- 
| ny computers. And the issue of | 


privacy has taken center stage 


| in each of those areas, she said. 


“The issue still remains that 
you want to have clear notice 
of what information is being 


| collected and how it’s being 


used. There are still areas of 
privacy that remain 


cial data and health care infor- 
mation, said Whitener. “Com- 


; panies have to consider the 


regulatory environment and 
make sure they don't lose sight 
of that,” she noted. 


Don’t Disclose 


More important, companies 


| that are deploying employee 


monitoring and authentication 
systems that collect and store 


| personal data need to do so 
| with an eye toward protecting 


that information from unau- 
thorized disclosure, said John 
Spotila, president of GTSI 
Corp., 
and former ad- 


| ministrator of the Office of In- 


Survey Shows Doubts. 
About Personal Data 


A survey of 1,529 U.S. residents 
conducted by Rochester, N.Y.-based | 
Harris Interactive Inc. found that 
57% don’t think companies handle 
the personal data they collect “ina 
proper and confidential way.” In ad- 
dition, 63% of the respondents said 
existing data privacy laws and prac- 
tices don’t provide a reasonable lev- | 
el of protection to consumers. 


Short Takes 


MICROSOFT released an upgraded 
version of its Mobile Information 
Server software, which connects 
mobile users to corporate intranets 
and Exchange 2000 Server e-mail 
systems. .. . Internet research firms | 
NETRATINGS INC. in Milpitas, Calif., 
and JUPITER MEDIA METRIX INC. 
| 
| 


| tion companies can collect or | 
what they can monitor, “it’s cer- | 
tainly possible to take on liabili- | 


in New York dropped plans to merge 
because of regulatory concerns. 


formation and Regulatory Af- 
fairs during the Clinton admin- 
istration. 

“Many of the potential prob- 
lems arise because people don’t 
think through all of the implica- 
tions of what they are doing,” 


| said Spotila. For example, when 


a company collects biometric 


| information and stores it in a 
| database, that company accepts 
| an implied 
| limit access to that information. | 


responsibility 


While there are no legal con- 
straints on how much informa- 


ty” if that information is com- 
promised, Spotila said. 

The potential problems don’t 
stop there, he said. “You can de- 


| stroy morale, and people won't 
| want to work for your company 


if you reach too broadly,” Spoti- 
la said. “Decision-makers need 
to use common sense.” 

Mike Reagan, senior vice 
president at Vericept Corp. in 


sacro- | 
sanct,” such as personal finan- | 


a systems reseller in | 
| Chantilly, Va., 


to | 


NEWS 


Englewood, Colo., which devel- 
ops software to monitor accept- 
able network use _ policies, 
agreed. He added, however, that 
sound policies and technologies 
can actually improve productiv- 
ity. “Productivity usually in- 
creases when employees know 
where the lines are,” he said. 
Ronald Krutz, privacy prac- 
tice director at Corbett Tech- 
nologies Inc. in Alexandria, 
Va., said the events of Sept. 11 
created a new market in priva- 
cy policy enforcement for his 
company. Corbett last week 
launched a service that’s de- 
signed to bring structure and 
formality to corporate privacy 
policy audits and help execu- 
tives avoid liability pitfalls. 
The new service will involve 
a series of interviews with key 
managers to ascertain what pri- 


executives think are in place in 
their company. Those _inter- 
views will then be compared 
with the results of audits that 
show what is actually in place. 
“There are mature standards 
for assessing security,” said 


Unprecedented security measures 
put in place in the aftermath of the 
Sept. 11 terrorist attacks on the U.S. 
have some civil libertarians worried 
that the tenuous balance between 
the need for public protection and 
the right to privacy may be shifting 
rapidly in the wrong direction. 

They cite plenty of examples 

wA public video-monitoring 
system has been deployed in 
Washington. 

w Multiple proposals have been 
put forward to track and store pho- 
tos and biometric and profiling data 
belonging to millions of air travelers 
and visitors to public buildings. 

w Some states are pushing to 
convert driver's licenses into na- 
tional identification cards 

w Congress has granted federal 
law enforcement agencies sweep- 
ing new powers to monitor the In- 
ternet and other forms of electronic 
communications. 

“There is a long history of data 
being used for purposes other than 
for which it was collected, and the 
potential for abuse here is enor- 
mous,” said Steven Kobrin, a pro- 





vacy protections and policies | 








Krutz. “Privacy, on the other 
hand, doesn’t seem to have that 
formality.” 

The issue of privacy “boils 


down to what data is collected | 


and how it’s used,” said 


fessor and privacy expert at The 
Wharton School of the University 
of Pennsylvania in Philadelphia. 
“The odds that our privacy is being 
invaded by the government have 
certainly gone up, and the odds 
that we will ever know about it 
have gone down.” 

The Electronic Privacy Informa- 
tion Center in Washington has also 
weighed in on several occasions, 
most recently to protest the video 
monitoring of visitors to the na- 
tion’s capitol. The watchdog orga- 
nization called that effort an at- 
tempt to turn Washington into “the 
crucible for high-tech surveillance.” 

But some experts have taken 
the opposite view, arguing that the 
increase in |T-based surveillance 
and other security measures actu- 
ally helps to protect privacy. 

“The measures that we are im- 
posing are fundamental privacy 
protections,” said Allan Raul, for- 
mer White House counsel under 
the Reagan and Bush administra- 
tions and a partner in the Washing- 
ton office of international law firm 
Sidley Austin Brown & Wood. 
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Richard Jones, vice president 
of technology at Commerce- 
Hub, an online hub for busi- 
ness trading partners based in 
Clifton, NJ. “Having an iris 
scan or palm print of someone 
is no more an abrogation of 
privacy than having a finger- 
print — and for that, privacy 
standards and protocols have 
long been established.” 

In any case, it’s clear that 
many IT shops have yet to ad- 
dress the issue. 

An IT manager at a major fi- 
nancial institution, who spoke 
on condition of anonymity, 
said he is unaware of any new 
projects since Sept. ll that are 
specifically related to privacy. 
He did say that the privacy 
challenge is an internal one. 

There’s really “no way to 
completely protect the compa- 
ny’s data from employees with 
authorized access,” the IT man- 
ager said. “We can’t stop differ- 
ent groups from looking at the 
data they need to do their jobs, 
but we try very hard to prevent 
them from updating the data 
without an audit trail.” D 


Post-Sept. 11 Security Measures Raise Privacy Concerns 


“The fundamental threat to our 
privacy is when terrorists and crim- 
inals are able to intrude on the pri- 
vacy and sanctity of our families 
and lives,” he said. “Safety is a pri- 
vacy value.” 

The balance between privacy 
and security “is always about 
trade-offs,” said Kathleen Wallman, 
former White House associate 
counsel and Federal Communica- 
tions Commission bureau chief 
who now runs Wailman Strategic 
Consulting LLC in Washington. 

“A year ago, the big debate was 
in the commercial sector,” she 
said, referring to the issues sur- 
rounding online consumer privacy. 
“Now that’s taken a back seat.” 

However, she noted that people 
will put up with those measures 
only until they are “no longer trans- 
parent or when a mistake occurs.” 

Raul agreed that data must be 
protected from inadvertent disclo- 
sure. However, “people [in 
general] tend to be more realistic 
and practical than a lot of the civil 
libertarians are,” he said. 

~- Dan Verton 





THE STRAIGHT GOODS ON DATABASES. 


DOWNTIME TIES YOU UP. 


If your e-Business is constantly 
online, how do you handle routine 
DBMS chores like maintenance? 


How do you add new components 
and resources without disrupting 
your current customer transactions? 


Fortunately, Sybase ASE (Adaptive 
Server Enterprise) 

12.5 answers these 

questions. 


ASE lets you perform 
routine maintenance 
operations and even 

change configuration 
parameters while the 
database is online. 


You can transfer 
users from your 
primary system to 
your backup system 
without missing a 
beat. Even if they're 
in the middle of a 
transaction. Your 
employees won't even 
know it's happening. 
And neither will your 
customers. 


In case of emergency, 

ASE's proven cluster 

architecture provides 

fail-over to a backup 

server without losing 

any non-committed 

data or severing a 

single user connection. 

Bottom line: ASE delivers continuous 
availability to everyone who needs 
it, whenever and wherever they 
need it. 


INSECURITIES BRING 
YOU DOWN. 


ASE responds directly to your 
security challenges with more 
security features than a Secret 
Service detail. Including, but 
not limited to: protection from 


YOUR Pee Nt 


wiretaps, accidental disclosure 
and prying from thieves and 
vandals. Sybase ASE provides a 
row-level security mechanism 
that allows you to define how 
your database is accessed. It's a 
feature you'll find missing in 
most competitive products. There's 
also link encryption using SSL 
and PKI certificates. So your 
business is safe for business. 


a 


XML MEETS A DEAD-END. 


Sybase ASE makes XML rock in 
ways other databases simply 
don't. Sybase ASE 

has a complete 

XML framework 

for storing, 

managing 

and retrieving 

XML directly 

to and from 

the database. 


SYBASE e-BUSINESS SOFTWARE. 
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Data stored in the database can 

be retrieved as XML, allowing for 
easy integration of your existing 
information with your new Web 

applications. 


A general XML-Query facility 

(XQL) allows you to easily query 

XML data whether it's stored in 

the DBMS, a flat file or even a URL. 

Bottom line: faster development 
times, faster access 
to the information 
you need. 


HIDDEN COSTS 
BITE. 


Sybase ASE puts the 
bite on hidden costs. 


It reduces costs by 
the very nature of 
its 24x7 design. It 
ensures that your 
business never gces 
down. It delivers fast 
backup and recovery. 
It utilizes hardware 
resources efficiently. 
But even before you 
get to all of that 

it saves you time 
and money in the 
traditionally costly 
development process. 


If e-Business is going 
to be a critical part 
of your success this 
year, ASE has a 

critical role to play. 


To find out more about how 
Sybase ASE can help you deploy 
and manage a successful e-Business, 
visit www.sybase.com/breathe or 
call 1-800-8-SYBASE. 


@ SYBASE 


Information Anywhere 


EVERYTHING WORKS TOGETHER” 





Collaboration—it all begins with a shared vision 

In times like these, you can’t afford to partner with someone who's single- 
minded. There must be a shared vision and shared ideas right from the 
start. It’s our unique approach to consulting and services. The method of 
constant dialogue and complementary skills interacting to create better 
solutions. Through collaboration, we can accomplish anything. 

It’s an approach that further benefits from the expertise and resources of the 
entire Fujitsu group, which has long provided world-class technology and platform 
products all over the globe. The result? Business solutions that many may promise 
but few can deliver. 


Unique ROI-focused methodology 

With a global economy and fierce competition pressuring their bottom line, 

most companies today need a partner who can meet their business challenges 

by delivering a rapid and measurable return on their IT investment. 
Knowing this, Fujitsu has been building a results-focused, global consulting 

organization to be known, starting in April, as Fujitsu Consulting. This 

new organization—comprising what is currently DMR Consulting, Fujitsu 

Systems Business of America and other businesses within Fujitsu—utilizes 

a unique, proven methodology that delivers tangible business results to 

clients. It starts by focusing on the results the client expects to achieve. It then 

provides a road map through the design, implementation and operation 

of the solution to achieve the desired results. 


Industry and business-process knowledge 


Fujitsu Consulting creates tailored solutions for a variety of industries— 
in particular, telecommunications, financial services, and government. 
Whether it’s core back office, front office or extended functions, we 
enable companies to better serve their customers and collaborate with 
their extended supply chain of employees, vendors and partners. 


Fujitsu—a different way of working 

At Fujitsu Consulting, we live and breathe three simple but revolutionary 
ideas: deep collaboration with our clients, an eye-to-eye approach, and a 
passion for getting the job done. It is the unique combination of global 
scope and human scale that sets us distinctly apart from our competitors 
and makes us so attractive to our clients. 


oO 
FUJITSU 


THE POSSIBILITIES ARE INFINITE 


us.fujitsu.com 














Baan Plans New 
IT Services Push 


Software Vendor 

Be Inc. Sues Microsoft | 
Be Inc., which sold most of its oper- | 
ating system assets to Santa Clara, 
Calif.-based Palm Inc. last year, 

filed an antitrust suit against Micro- 
soft Corp. in U.S. District Court in 

San Francisco. Menlo Park, Calif.- | 
based Be is claiming that Microsoft 
illegally blocked its attempts to 
compete against Windows in the 

PC operating system market. Micro- 
soft rejected the charges. 


NTT Plans Deeper 
Cutbacks at Verio 


Tokyo-based NTT Communications 
Corp. said it plans to expand cut- 
backs being made at Verio Inc., its 
Englewood, Colo.-based Web host- 
ing unit. Verio’s workforce, which 
was already reduced from about 
3,250 employees to 2,600, will now | 
be lowered to between 1,700 and 
1,800 people. NTT said it will cut the 
number of Verio’s data centers to 
10, from a high of 46 last fall. 


C&W Forecasts 10% 


Decline in Revenue 


London-based Cable & Wireless 
PLC warned that it expects total 
revenue for its fiscal year ending 
March 31 to be down 10% ona 
year-to-year basis. Cable & Wire- 
less, which bought most of the 

Web hosting assets of Santa Clara, 
Calif.-based Exodus Communica- 
tions Inc. earlier this month, blamed 
the expected drop on cei eased de- 
mand for its fiber-optic networks. 


Short Takes 


SPRINT CORP. said it will cut 9% 
of the workforce at its Kansas City, 
Mo.-based wireless unit, SPRINT 
PCS GROUP, and close five custo- 
mer service call centers. . . . Linthi- 
cum, Md.-based optical networking 
vendor CIENA CORP. reported a 
$70.6 million first-quarter loss and 
warned that sales will likely be well 
below plan this quarter. 


| company 


| series of moves aimed at mak- | 
| ing it easier for users of wire- | 
| less data services based on the 


| such 


Software vendor will expand into project 
management as part of Invensys overhaul 


BY MARC L. SONGINI 

USINESS_ applica- 
tions vendor 
Co. is 
through a restruc- 
turing, as parent 
Invensys PLC re- 
its 


aligns various 


units in an attempt to boost | 


its financial performance and 
address customer complaints 
about poor execution. 


As part of the new strategy, | 


Barneveldt, Netherlands-based 


| Baan plans to expand its IT 


services capabilities into areas 
as project management 
and application customization. 


Links Sought fe 


| Roaming plans 
being developed for 
data services users | . 
oa | ing to clear away impediments | 
| to roaming across mobile net- 
| works. That process has large- 
| ly been completed for existing 


| BY BOB BREWIN 


The 
3GSM 


2002 
in 


the 
Congress 


watchword at 
World 


| Cannes, France, last week was 
| integration, both among rival 
| mobile networks and between | 
| those 
| LANs. 


networks and wireless 


Technology vendors and 
wireless carriers announced a 


Global System for Mobile 


| Communications (GSM) stan- | 


dard to roam across mobile 


| networks and wireless LANs. 
London- | 


For example, the 
based GSM Association said a 


task force of its members is 


exploring the technical aspects 
involved in linking GSM-based 


| networks to 802.llb and Blue- 
| tooth wireless LANs. 


Micro- 


Baan | 
again going | 


operating | 


| The company currently offers 
users only basic services such 
as software training. 
London-based Invensys’ or- 
ganizational plan shifts Baan 
| from what had been its soft- 
ware group to a new division 


such as oil and gas, chemicals, 
| food and manufacturing. 

The production manage- 
ment division is one of two 
| core operations that will be 

kept by Invensys, which 
| bought Baan in August 2000, 
| when the applications vendor 


soft Corp. said it’s taking part 
| in that effort, 
| issues such as user authentica- 
tion and billing. 


networks, the GSM Associa- 

tion said, but it added that the 
| roaming issue “is considerably 
on third-gen- 
eration networks. 

Meanwhile, several 


| 
Mobile Moves 


Other announcements 

made at the 3GSM confer- 
ence include the following: 
CITRIX SYSTEMS INC. AND SIERRA 
WIRELESS INC. described a software/ 
hardware combination that lets GSM 
based mobile users access corporate 
applications. 

CHECK POINT SOFTWARE TECH- 
NOLOGIES LTD. released firewall soft 
ware that's designed to protect the gate- 
ways between different mobile networks 


more complex” 


small 





that will focus on production | 
management technologies and | 
services in vertical industries | 


| vendor’s installed base. 
| isa part of Invensys’ core strat- 


which includes | 


Another task force is work- | 





| was struggling for survival. In- 
| vensys said it will also retain a 
| group of energy-related busi- 


nesses and sell off its industrial 


|} control units. 
How the changes will affect | 


Baan in the long term is still 
unclear, said Dick Hill, an ana- 
lyst at ARC Advisory Group 
Inc. in Dedham, Mass. But the 
fact that Invensys is keeping 
Baan is a reassuring sign for 
users, he added. “Baan does 
have a pretty good industrial 
following, and I think [Inven- 
sys officials] recognize that,” 


| Hill said. 


Baan’s president, Laurens 
van der Tang, said the reshuf- 
fling should have only positive 
consequences for the software 
“Baan 


or Mobile Networks, LANs | 


software vendors announced 


technology that supports roam- | 
| ing between mobile networks 


and 802.ll-based Wi-Fi wire- 
less LANs. 

For example, Redmond, 
Wash.-based RadioFrame Net- 
works Inc. 
less access system that it said 
will let mobile workers use 


their corporate wireless LANs | 
and then | 


while within range 
switch to mobile networks. In 
addition, a trio of vendors led 
by Bern, Switzerland-based 
T-net AG detailed 
that supports roaming be- 


a service 


tween GSM networks and the | 


growing number of high-speed 
public-access wireless LANs. 

Alan Reiter, an analyst at 
Wireless Internet & Mobile 
Computing in Chevy Chase, 
Md., said the move to em- 
brace LANs “tells us that the 
wireless carriers don’t want 
to put all their eggs in one 
basket.” But users “can’t roam 
without some way for the car- 
riers to handle the billing,” he 
added. D 


introduced a wire- | 








~ COMPUTERWORLD February 25, 2002 


Teaming Up 


Baan will be grouped with 
these Invensys subsidiaries 
under the new plan: 


The Foxboro Co.: Foxboro, 
Mass.-based maker of process 


Wonderware Corp.: Lake 
Forest, Calif.-based vendor of i 
plant-floor automation software 
Triconex: Irvine, Calif-based 
makes of industria safety control | 

| 

i 


APV Systems; U.K.-based de- 

veloper of process control systems 
Eurotherm Controls inc.: Lees- | 
burg, Va.-based maker of temper- 
ature and process control devices 


— 


egy,” van der Tang said. 

Baan had lost money for 
eight straight quarters before it 
was acquired by Invensys. But 
van der Tang said Baan has 
been profitable for the past 
five quarters and has added 
320 new customers during the 
past 18 months. Under the 
organizational structure an- 
nounced last week, new mar- 
kets could open up for Baan in 
process manufacturing indus- 
tries, he added. The company’s 
focus has traditionally been on 
discrete manufacturers. 


More Services 

Baan is also looking to beef 
up its service offerings so that 
users don’t have to turn to out- 
side consultants for implemen- 
tation and customization help, 
van der Tang said. Baan’s goal 
is to take complete responsibil- 
ity for managing software proj- 
ects, and van der Tang said the 
company plans to aggressively 
recruit new consultants this 
year in order to meet that goal. 

Hill said he expects that a 


| big part of Baan’s strategy will 


involve offering an expanded 
set of IT services to midsize 
companies that typically need 
a lot of assistance during roll- 
outs of enterprise resource 
planning software and other 


| enterprise applications. D 


Stacy Cowley of the IDG 
News Service contributed to 
this report. 
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MARYFRAN JOHNSON 


Follow the (Privacy) Money 


RIVACY PROTECTION is like airline secu- 
rity now. Nobody jokes about it anymore. 
That’s because there’s so much money 

at stake. Companies that prove they can 

keep client data to themselves will simply 
make more money by attracting trusting customers. 
Those that fail to protect private information will 
pay through the nose in lawsuits. 


Increasingly, federal 
and state governments 
are dragging companies 
to court for breaking their 
own data privacy pledges 
[Page One, Feb. 4]. Con- 
sider just a handful of re- 
cent examples of legal 
snafus and the starring 
role IT unfortunately 
played: 

g@ The University of 
Minnesota embarrasses 
itself by accidentally 
identifying more than 400 organ do- 
nors to the recipients. “It shouldn’t 
be on a database; it is a breach just 
waiting to happen,” says a university 
official. “We have IT people and re- 
searchers, and neither of the groups 
knows what the other is doing some- 
times.” 

@ Eli Lily sends an e-mail to more 
than 600 Prozac users, inadvertently 
distributing the name and e-mail ad- 
dress of every recipient in the mes- 
sage. The Federal Trade Commission 
is not amused, and the company 
swiftly agrees to a settlement. 

gw A vengeful former IT employee 
at telecommunications firm Global 
Crossing posts names, Social Securi- 
ty numbers and birth dates of com- 
pany employees on his Web site. The 
legal consequences are still unclear. 

Analysts at Forrester Research say 
the $47.6 billion spent online last 
year might have been $15 billion 
higher if consumers weren’t so 
wound up about privacy concerns. 
Making privacy policies clearer and 
more understandable would increase 
sales, Forrester contends. 

A Harris Interactive survey re- 
leased last week supports that claim. 


MARYFRAN JOHNSON is 
editor in chief of Comput- 
erworld. You can contact 
her at maryfran_ johnson 
@computerworld.com. 





The three biggest con- 
sumer concerns with on- 
line privacy were compa- 
nies trading personal data 
without permission, the 
consequences of insecure 
transactions and the theft 
of personal data. Some 
84% of the 1,529 people 
surveyed said they’d like 
checks and balances via 
“independent verifica- 
tion” of a company’s pri- 
vacy policies. 

So where does IT find the green 
lining in this big ugly cloud? Can 
there be an ROI on good privacy pol- 
icy? One place to look is Royal Bank 
of Canada, where a customer rela- 
tionship management system is en- 
abling a number of services — such 
as free encrypted cell phones for 
wireless transactions — that build 
trust with customers by protecting 





their privacy. Privacy “plays a mea- 
surable part in how customers de- 
cide [to] purchase products and ser- 
vices from us,” says Peter Cullen, the 
bank’s chief privacy officer. “It 
brings us more share of the cus- 
tomer’s wallet.” 

Sounds good, doesn’t it? Here are 
some of the key questions to consid- 
er for your own company: 

@ How clean is your customer 
data? If those records are mis- 
matched across business units, how 
can your organization comply with 
privacy preferences? Angry cus- 
tomers bring legal risk, whereas con- 
tented ones bring revenue. 

m How overgrown are your data- 
bases? Smaller, tighter databases are 
better bets for privacy management. 

@ How alert is your privacy watch- 
dog? Congress is mulling new priva- 
cy laws and considering changes to 
old ones. The pace of new interna- 
tional laws is also quickening. 

@ How well would your company 
handle FTC scrutiny? The first two 
questions from the agency would 
likely be: “Did you have a system in 
place appropriate to the sensitivity 
of the information?” and “Did you 
follow your own procedures?” 

But in the end, the most important 
question might just be this one: “Did 
you follow the privacy money?” D 
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PIMM FOX 
Give Us Liberty? 
Give Me a Break 


HE LIBERTY Alliance 

Project is a consortium 

of vendor and user 
companies formed last year to 


create “a commercially viable, 
open, ubiquitous standard for network 
identity, authentication and authoriza- 
tion across a multitude of business sys- 
tems and consumer products touched 
by the Internet,” says Eric Dean, presi- 
dent of the Liberty management board 
and CIO of United Air Lines. 
But why both- 


er? 


Dean and offi- 
cials at alliance 
member Sun Mi- 
crosystems say 
Liberty isn’t a 
competitor to 
Microsoft’s Pass- 
port ideatifica- 
tion and authen- 
tication scheme. 
Instead, they say, 
it’s a stand-alone 
effort to build 
technology standards that may even in- 
teroperate with Passport. Although the 
push behind Liberty is to sell compa- 
nies a set of agreed-upon technologies 
so consumers can have single sign-on 
across commercial Web sites, as well as 
storage of passwords and personal in- 
formation, there are two flaws. 

First, a report by Gartner last year 
revealed that most consumers don’t 
care about these so-called benefits. 
“We asked people which features were 
most important from an online service 
provider,” said Avivah Litan, vice presi- 
dent of financial services at the re- 
search firm. Leading the list, at 29%, 
was making online credit card use 
safer; increased privacy came second, 
with 26%. Single sign-on was down the 
list at 19%. One-click payment (sup- 
posedly a great boon to consumers) 
barely showed up, at just 3%. 

“What people are really concerned 
about is getting solicited,” said Litan. 
Figures back this up. The Gartner poll 
showed that while 95% of online con- 
sumers register some personal infor- 


ick 
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mation at a Web site, more than half — 
54% — do so only because certain sites 
require registration prior to use. Only 
22% register to save time, and just 17% 
sign up for personalized services such 
as shopping suggestions. 

And of the 5% who don’t bother to 
register at all, 43% say it’s because they 
don’t want more ads. 

Which brings up flaw No. 2. 

The Liberty Alliance, whose mem- 
bers include AOL Time Warner, Amer- 
ican Express, General Motors and Sony 
is betting that companies will let their 
customers wander from site to site 
without reauthentication obstacles un- 
der the premise of saving time and 
gaining convenience. 

In reality, Liberty will create a new 
platform for marketing programs — 
the very thing consumers want less of. 

United might funnel a preapproved 
and authenticated customer to a Hertz 
site and receive a commission. But it’s 
inconceivable that United would shuttle 
consumers to American or JetBlue Air- 
ways. Heck, they don’t honor one an- 
other’s tickets, so it’s unlikely they will 
blithely hand over potential customers. 

Liberty’s set of technology standards 
wouldn’t make interoperability a busi- 
ness model. But it would clutter our 
lives with more marketing programs. D 


MICHAEL GARTENBERG 
Issue More 
Laptops to 

The Masses 


HE NOTEBOOK com- 

puter has evolved from 

being a friend of the 
road warrior and a business 


status symbol to a mainstream | 


tool. Yet too many users still find 
themselves constrained by IT policies 
that insist that only mobile workers 
who travel for most of their work are 
entitled to them. But most IT organiza- 
tions would do well by allowing more 
users to work with mobile technology. 
One reason for not buying users lap- 
tops is their cost. But the price premi- 
um for laptops is worth it. For most 
users who fit the knowledge worker 
profile, having a laptop instead of a 
desktop system often increases pro- 
ductivity. On average, companies can 
expect a return of least one to two 
hours of additional work time per day 
per user. This extra productivity makes 


| sole computer — IT depart- 


up for the higher cost of the 
laptop when measuring the 
total cost of ownership over 
its life, which is generally 
about two years. 

But many laptop deploy- 
ments fail and are rejected 
by end users. Here are three 
reasons why this occurs and 
how IT departments can in- 
crease user satisfaction: 

@ The major reason is 
users’ perception that they 
can’t use a laptop as their 


ments are often deluged with 

requests for both laptops and 

desktops for individual users. There is 
rarely a business justification for this. 
With adequate training, employees can 
work effectively with a laptop as their 
sole system. Although there’s always a 
class of high-end users that will require 
the fastest processor possible (consider 
for a moment whether any of your 
users are working on the human 
genome project or something similar), 


MICHAEL GARTENBERG 
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the vast majority can make 
do with the performance of 
today’s notebook-class sys- 
tems. While employees will 
have to learn some remote 
computing skills, such as 
using a virtual private net- 
work or switching between 
home and work printers, 
those tasks should be in- 
cluded as part of standard 
IT training. 

@ Another reason: Some 
IT department policies 
make it extremely difficult 
for users to work effective- 
ly with their systems. My 
favorite example is a company that 
eschewed desktops for laptops for all 
employees and purchased top-of-the- 
line ThinkPad systems from IBM. The 
company then had the systems bolted 
to users’ desks; they were required to 
get permission and a key from a super- 
visor to take a computer home or on 
a trip. Needless to say, most users 
didn’t see any productivity gains in 





29 


terms of additional hours worked. 
Also, laptops are highly personal 
items, and users must be consulted 
about form factor and size. Ideally, IT 
departments will offer two models: 
one full-featured system with integrat- 
ed optical disks and larger screens and 
keyboards for users who want full 
desktop functions, and another that’s 
an ultraportable system for users more 


| concerned with size and weight than 


with the feature set of a larger system. 
m@ IT departments need policies 
about what’s allowed on users’ sys- 


| tems. A good rule of thumb: Give users 
| latitude regarding their configurations, 


but insist that IT will support only 
standard IT configurations and not 
end-user modifications. 

Today’s information and knowledge 
workers are expected to do more with 
less, so giving them laptops is a step in 
the right direction. How many of you 
work at companies where laptops are 
used as the primary system? Let me 
know, and I'll publish the results in a 


: future column. D 








Ignorance Is No Excuse 


HERE IS NO need for a 

CIO to ever be caught 

in an accounting 
scandal [“CIO in Scandal,” 
Business, Feb. ll]. I agree 
with some of your points to 
protect yourself from crime, 


but let’s not forget one of the 


basic tenets for maintaining 
the integrity of a company’s 
accounting records: delega- 
tion of responsibility. The 
CIO in your article may be 
able to claim ignorance, but 
he was also president of the 
subsidiary primarily in- 
volved in the embezzlement. 
In that role, he should have 
ensured the proper separa- 
tion of duties of the account- 
ing staff. Just separating the 
administration of security 
from the chief accountant 
isn’t enough. Greed and the 
willingness to accept the re- 
porting of good results, vs. 
addressing the actual poor 
performance, played a huge 
role in the scandal. As we 
see from the article, even ig- 
norant greed has a price. 
Gary Moore 

Manager, accounting systems 
Richmond, Va. 





OUR STORY is most 

suspicious. In a busi- 

ness big enough to 
have a CFO, where were the 


outside auditors who certi- 


fied the books for the bank? 
What you seem to have here 
is an insider white-collar 
crime that has been aided 
and abetted by an apparently 
unusually naive CIO. Proce- 
dures, including separation 
of functions and adequate 


controls, can always be over- | 
come by a knowledgeable in- | 
| sider who finds that motive, 


opportunity and means irre- 
sistibly beckon. If anything 
can be learned from the sto- 
ry, it is the need for a CIO, as 
a corporate officer, to know 
something about the busi- 
ness as weil as the adminis- 


| tration of technology. 
| Stephen Richard Levine 
| Chief technologist 


Franzel Mortgage Consultants 
Westlake Village, Calif. 


Falling for Propaganda? 


*M DISAPPOINTED at your 

upbeat discussion of Mi- 

crosoft’s Farsite project 
in the article “Brave New 
OS” [Future Watch, Feb. 11]. 





This is the ultimate vapor- 
ware. You say it embodies 
the characteristics of “fault 
tolerance, self-tuning and 
robust security” — qualities 
that Microsoft has consis- 
tently proved incapable of 
achieving. Worse, this is a 
blatant propaganda move 
against Linux: Why buy 
fault-tolerant Linux servers 
with robust security now, 
when you can get self-tun- 
ing and serverless networks 
from Microsoft any day 
now? I’d expect Microsoft to 
issue such vapor and FUD, 
but Computerworld is usual- 
ly too perceptive to print it, 
especially in such an all- 
believing manner. 


| Steve Litt 


Content lead 
Troubleshooters.com 
Orlando, Fla. 


Security Has Customers 


1Y DOESN’T Math- 
ias Thurman just 


| Jan. 28]? His policies will se- 
| verely limit creativity at his 
| company and foster negative 


attitudes toward security 
managers and security is- 


| sues. All of his users will be 


enemies, not supporters. 


| Think customer service — 
| how can I support my inter- 


nal customers, yet protect 


| our corporate infrastructure? 
| Stewart Givens 


| Research Triangle Park, N.C 


| Editor’s note: Readers can ex- 
| press their opinions on top- 


| 


ics addressed in the Security 


| Manager’s Journal at our 
associated forum: www. 


computerworld.com/q?a1590 


| COMPUTERWORLD welcomes 


| comments from its readers. Letters 


will be edited for brevity and clarity 
They should be addressed to Jamie 


| Eckle, letters editor, Computerworld, 
| PO Box 9171, 500 Old Connecticut 

| Path, Framingham, Mass. 01701. 

| Fax: (508) 879-4843. Internet 

| letters@computerworld.com. Include 
| an address and phone number for 


disable all network | 


access and superglue all 
floppy disk drives closed 
(“Virus Attacks Can Enter 
Through Many Doors,” Se- 
curity Manager’s Journal, 


immediate verification 


For more letters 
on these and other 
topics, visit our 
Web site: 


| www.computerworld.com/q?q5000 
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Ensuring Trust in Web Services 


SCOTT MCNEALY 
Microsoft Should 
Line Up With 
Liberty Alliance 


THINK EVERYONE in the high-tech 

industry was a bit surprised by Bill 

Gates’ recent memo to his company 
— surprised that it wasn’t written 10 
years earlier. Still, I suppose it’s good 
news that Microsoft will finally begin to focus on 
building “trustworthy” products. 

The bad news is that the occasion wasn’t used to 
deliver an entirely different message. Well, not en- 
tirely different — it could still use the word trustwor- 

thy, though in a much broad- 
er context. 

Microsoft is clearly con- 
cerned that its Web services 
initiative, called .Net, won't 
get off the ground if con- 
sumers can’t trust the com- 
pany’s products. That’s only 

; a half the story. 

\ Pigg. Consumer trust is indeed 
vital to the success of Web 
services, but so is having the 
trust of other service pro- 
viders and software vendors. 

Every major technology company envisions a fu- 
ture in which new Internet-based services will inter- 
act seamlessly (often without human intervention) to 
make our jobs and lives easier. The benefits of such 
services are innumerable and the potential market 
unbounded. But to work, these services can’t be tied 
to any single company or platform. 

The beauty of working in an open, multivendor 
framework is that software developers and service 
providers can target a much broader market to create 
services that can be delivered to everything from 
PCs to PDAs, from mobile phones to automobiles, 
and even to devices that have yet to be invented. 

The value of those services is multiplied by the 
way they interact with one another, setting off a chain 
of electronic events at just the right time and place, 
reaching across multiple platforms and networks. 

The clear need for cooperation accounts for the 
growing popularity of the Liberty Alliance (launched 
in part by Sun Microsystems), made up of a diverse 
group of companies that includes makers of auto- 
mobiles, computers, home electronics and wireless 
phones, as well as providers of credit cards, trans- 
portation, communications and online services. 
Together, these companies represent more than 1 
billion customers. 

The Alliance’s aim is to come up with an open 


SCOTT McNEALY is CEO of 
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standard for the following three things: 

@ Identity, so businesses and consumers have a 
common way of referring to one another. 

w Authentication, so everyone has a good way of 
confirming that people are, in fact, who they say they 
are. 

# Authorization, so people can actually use the 
services they’ve signed up for. 

Having a single, open standard will make that 
whole process easier to manage. The alternatives: 
multiple proprietary standards, which would mean 
huge overhead and interoperability problems. Or a 
central authority, which would mean a single point 
of failure and control, which no one wants. No one 
who really cares about security, anyway. 

The many companies in the Liberty Alliance want 
to do this the right way, so they can create new 
services that will work with one another’s existing 
services. 

Just as important, the Liberty standards will enable 
people to administer their own personal profiles, 
preferences and permissions and securely share that 
information with the organizations they choose. 

Microsoft, with its proprietary Passport identifi- 
cation system, is trying to leverage its monopoly in 
desktop operating systems to become the repository 
— and sole guardian — of vast amounts of personal 
information. 

But if Microsoft is really serious about its new 
commitment to security (to say nothing of open 
standards or the right of individuals to control their 
personal information), it should abandon the monop- 
olistic, single-point-of-failure Passport system and 
join the Liberty Alliance. D 


Microsoft Exec: 
Industry Should 
Follow Our Lead 


ICROSOFT’S Trustworthy Com- 
puting initiative, recently de- 
tailed in a companywide e-mail 

from Bill Gates, rep- 

resents the next step 

in the company’s on- 

going effort to create 

a computing experience 

that’s fundamentally reliable 

and secure. It’s a call to ac- 

tion for the entire technolo- 

gy industry, which, as we’ve 

seen with the SNMP vulner- 

ability identified earlier this 

month by the CERT Coordi- 

nation Center, shares in the 


ARBOGAST 





challenge of making everything from individual 

chips to global Web services as secure as possible. 
To be sure, we at Microsoft are the first to admit 

that we can do a better job of creating safer and more 


| secure software and services. At Microsoft, we be- 


lieve that such self-evaluation, along with a passion to 

push the envelope on technology and the experience 

we offer customers, is a key ingredient in our success. 
This same passion and commitment can be seen in 


| Microsoft’s leadership in the world of Web services. 


Our efforts include the following: 

@ Advancing critical industry standards such as 
XML, SOAP, WSDL and UDDI. 

@ Co-founding, along with other industry leaders, 
such as Accenture, BEA Systems, Fujitsu, Hewlett- 
Packard, IBM, Intel, Oracle and SAP, the Web Ser- 


| vices Interoperability Organization (http://WS-I. 


org), a group chartered to provide our shared cus- 
tomers with a clear and consistent road map for cre- 
ating and implementing interoperable Web services. 

@ Giving developers tools such as Visual Studio 
.Net and the .Net framework, which make it easier to 
build upon these standards to create rich, secure ap- 
plications and Web services. 

This same customer focus is what drove us last fall 
to introduce a vision for a universal, or “federated,” 
authentication system. In October, we released early 
drafts of some technical specifications that will serve 
as the foundation for this vision. Just as those in the 
banking industry worked together to create the ATM 
network that so many of us rely on today for a conve- 
nient banking experience, we see tremendous value 
in having a federated, trusted and universal network 
of authentication. 

We believe deeply in this goal and continue to 
work with industry leaders, including members of 
the Liberty Alliance, to advance our shared vision of 
trusted interoperability and universal authentication 


| on the Internet. Passport, Microsoft’s implementa- 


tion of an online authentication and single sign-in 
service, is operational today. Since going live in 1999, 
Passport has grown to 200 million active accounts 
and processes more than 3.5 billion authentications 
per month. The Liberty Alliance is working on future 
specifications upon which interoperable authentica- 
tion services may be built. Consequently, we don’t 
believe that Passport and what the Liberty Alliance 
is attempting to define are mutually exclusive. 
Microsoft has been working on many fronts to ad- 
vance this new era of trusted computing, from fixing 
the short-term issues we face today to undertaking the 
long-term research that will lead to the fundamentally 
trustworthy systems of tomorrow. This is the type of 
leadership that’s required at this critical moment in 
our industry — constructive action based on real 
technology solutions for customers, rather than 
rhetoric. That’s what the industry and our customers 
want, and what Microsoft will continue to deliver. B 





Editor’s note: This column was written at the request of 
Computerworld in response to McNealy’s column. 





Here are three-hundred-eighty-nine- 
thousand-four-hundred and thirty-four reasons why you'll thank HP for building the Superdome 


server. That's the number of transactions per 
minute it recorded, according to the latest TPC-C 
benchmark results. You'll appreciate how much 
more productive you can be with a UNIX® server 
that’s 76% faster than IBM’s highest published 
non-clustered TPC-C result. That's fast enough to 
satisfy even your most demanding IT manager 
And your CFO will relish Superdome’s price 


performance ratio of $21.24 per transaction 


‘ : { S S Vi wil hno\ 5 
fe coperdons es HP’s Superdome server will have you 


handling more applications, not only faster, but 
more reliably. It’s designed with your always-on 
Internet infrastructure in mind, so you'll be 
working on multiple projects, across multiple 
platforms, with ease. Superdome is equipped to 
handle the Intel® Itanium™ processor architecture 
which HP co-developed. This breakthrough 
technology blends high volume with high 
performance, and it will keep you poized for 
seamless upgrades. We could give you a million 
more reasons. But why take our word for it? 
Check the Top 500 Supercomputer Site list 


Infrastructure: it starts with you 


Find out how Superdome is 
helping Amazon.com dramatically 
increase their performance. Visit 
www.hp.com/large/superdome 
for your copy of The HP Superdome 
Advantage resource guide. 
Or call 1-800-HP-ASK-ME 
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IT Executives!” 
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COMPUTERWORLD Annual 


IT LEADERS 
CONFERENCE 


March 3-5, 2002 
Marriott Desert Springs 
Palm Desert 
California 


= COBOL 


See how award-winning IT Leaders 
solve real-world issues with: 
CRM 


Connecting customer systems with the supply chain for business innovation 


ROI 


Best practices in measuring IT project results and aligning with senior 
management goals 


e 
Supplier Management 
Mastering the art of negotiating and creating true partnerships with vendors, 
outsourcers, and service providers 


Infrastructure Strategies 


Maximizing data management, networks, storage and wireless technologies 


Enterprise Integration 


Creating value with existing IT architectures, Windows migration and Web-based technologies 


Security 


How much is really enough? Calibrating security needs against budget realities 


SELECTED SPEAKERS AND MODERATORS: 


Ri 
Cio 


Thornton May 


eee 
Toffier Associates 


For more information or to register, visit www.premier100.com or call 1-800-883-9090 


For companies interested in sponsoring and exhibiting, contact your Computerworld sales executive, or Leo Leger at 508-820-8212. 








The Storage Event 
that Does it All for IT Users... 


“ os 


pril 2-5, 2002 


Marriott Desert Springs ¢ Palm Desert, California 


The original, largest and proven forum for IT users involved in storage 


Co-owned & networking, enterprise infrastructure and data management 


Produced by: 
The world’s largest gathering of the storage networking industry with 
COMPUTERWORLD IT user case studies, industry executives and industry analysts 


* The world’s largest Interoperability Lab with 50+ companies working 
‘se S N | A together and the interop themes integrated with the conference content! 


wee” A jam-packed program of education, live demonstrations, expo, networking 
that is second to none 


A full conference package including primer, tutorials, general sessions, 
interop lab, expo, meals, receptions, gala events and golf for IT users 


Storage Networking World® sp ’ 
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For more information and to register, visit 
www.storagenetworkingworld.com or call 1-800-883-9090 


The Proven Event 
for Storage Users! 


eration of customer data and e-commerce have brought Storage Networking 
lutions to the forefront of today’s IT agenda. That's why ClOs, corporate executives, I1 
managers, enterprise storage and data management professionals and other key IT 
staff from the U.S. and abroad will join solution providers and 
industry experts at the hottest storage event: Storage 
Networking World, April 2-5, 2002, at the Marriott Deser 
Springs in Palm Desert, California. 


Join us if you want the answers to What, Why and How to 

implement Storage Networking technology to solve your IT 

storage, application and infrastructure needs TODAY! There 
are no other conferences that offer you as comprehensive and focused an industry 
educational and networking forum, with high-profile user case studies 


BENEFITS OF ATTENDING: 


Pe elec tal emt lee el me La) 
industry analyst.speakers and 
Placa oe Le a 


More IT User Case Studies r 
and Panels in the Program! al 


World renowned 
Interoperability Lab! 


Networking Receptions for IT Users! 


Practical “Tips & Tools” 
Workshops from Users and 
lie eee cu 


Choose from Multiple-track 
Workshop-style Tutorials on 
ee Cece OL Ae ea 


CTO Insights Executive Panel! 


Be part of the SNW experience, 
with 4 events in 3 countries! 


WORKSHOPS & LABS SESSION HIGHLIGHTS 


Interoperability Lab 


presenting the Interoperability Lab, the world’s largest Listen to ior executives 


networking interoperability extravaganza. The lab, in corp 
a will show- focused o 
onfigurations that addre d users networking come 
nforce the concepts — taught in the 
demonstrate s for backup 
rking infrastru 2 ign, storage 
Those 
ab and discu 
gurations and 
that are being 


Practical Workshops for IT Users 
oe pte aaa 
of ae cal 
s with both IT users 


Referenced tips, tools and techniques are u 


ndor CTOs leading the discu 


Primer: Considerations for 
Building an Internal Storage 
Utility Infrastructure 


P ands 
tility concept for storage 


“Storage Networking World is a unique conference 
that blends representatives from both the user and 
vendor communities in a single forum. For users, this 
is an opportunity to gather and discuss long-term 
strategies, current issues and hot topics, as well as 
every-day problems and concerns. This type of interac- 


tion is invaluable for the end user.” Kurt Bahrs 


- Gary Fox 
Senior VP and Director of Enterprise Data Storage Aetna 
First Union Bank 


Featured Speakers 


from the user and ve 


User Case Studies 


“Attending Storage Networking World is a big plus 
for me in terms of seeing which products are out 
there and managing my vendor relationships. You 
get to talk to the top people in the industry and 
discuss storage solutions based on your company's 
specific needs.” 


Disaster Recovery Coordinator 





For more information and to register, visit 
www.storagenetworkingworld.com or call 1-800-883-9090 
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USER CASE je Aes oaks CONFERENCE PROGRAM 


Tuesday, Apri! 2nd 
10:00am - 12:00pm 


Storage Networking World Primer 
with Steve Duplessie 


ANTHONY VICKIHAMILTON MIKEPRINCE § BOB VENABLE Leitch 1:00 - 6:00pm 
LLOYD Vice President clo ee Tutorial Tracks 
Vice President Shared Services —_ Burlington Coat Systems KARL HUF Topics include: Storage for LAN Managers 
Computer & IT Operations Factory Vice President Pitti, ’ 
Operations The Weather BlueCross Northern Trust meta Yd ree i 
Warner Brothers Channel BlueShield of Company etworks for anagers; Storage 
Tennessee Virtualization; Security; IP Storage; Infrastructure 
Design; Disaster Recovery; User Experiences 
1:00 - 6:00pm 
Golf Outing 


7:00 - 9:00pm 
Pre-Conference Networking Reception 


Wednesday, April 3rd 


PLUS: Executive User Case Studies from: 
« WRQ ¢ Hannaford Brothers e Bank of Montreal 


FEATURED SPEAKERS 


7:30 - 8:30am 
8:30am - 12:00pm 
Keynote/General Sessions 
= Lunch 
LINDA BOB MUGLIA NORA DENZEL JAMES PAUL BORRILL BOB 1:00 - 5:00 
SANFORD Senior Vice Vice President ROTHNIE Vice President BEAUCHAMP ee vpm 
President and Enterprise anager id VERITAS BMC Software a 
Group Executive Storage Group Network Storage a 0 Software 5:00 - 8:00pm 
: Cocktails, Expo, Interoperability Lab, 
Group Hewlett-Packard 
Thursday, April 4th 
GaSe _ Ballet 
8:30am - 12:00pm 
Keynote/General Sessions 
he ei 12:00 - 1:30pm 
Z : Lunch and Expo 
’ d 12:00 - 7:30pm 
National TOIGO MCARTHUR DUPLESSIE President MCADAM ce 
Correspondent Independent Vice President | Founder and Building Senior Analyst 1:30 - 3:30pm 
; Keynote/General Sessions 
and Author Storage Enterprise 
ae Practical Workshops (6) 
Topics include: ROI/TCO; Management; 
CTO INSIGHTS EXECUTIVE PANEL a 
: 7 Expo 
KEVIN RANDY PAUL | STEVE | ROB =o 
cTO Director/CTO VP/CTO i Director/CTO VP/CTO 7:30 - 9:00pm 
Quantum StorageTek ADIC Compaq Crossroads Gala Dinner and Entertainment 
7:30 - 8:30am 
Buffet Breakfast 
Tutorials/Practical Workshops [cont.} 
Topics inctude: ROI/TCO; Management; 


Buffet Breakfast 
12:00 - 1:00pm 
Senior Vice President of and G 0 andCTO _—— President & CEO Keynote/General Sessions 
Storage Systems Microsoft Solutions 
IBM Buffet Dinner 
Buffet Breakfast 
JULIA KING == JON WILLIAM JOHN STEVE MARC FARLEY DIANNE Interoperability Lab 
Computerworld nsultant Worldwide Senior Analyst Storage Iluminata 
Research Storage Group 3:30 - 5:30pm 
Deployment 
i F 
DALY  CHALFANT RUTHERFORD  SICOLA SIMS Cocktails on the Expo Floor 
Friday, April 5th 
8:30 - 11:45am 
Deployment 


as il 11:45am 
aa Conference Concludes 





For more information and to register, visit 
www.storagenetworkingworld.com or call 1-800-883-9090 


HOTEL RESERVATIONS | PRE-CONFERENCE GOLF OUTING J 


' : | 

IDG Travel is the official travel company for : Complimentary Golf Outing for i 
| 

t 


Storage Networking World. They are your one- ; Registered IT Users 
stop shop for exclusive discounted rates on : 


hotel accommodations. The Pre-Conference Golf Outing, 


. sponsored by StorageTek, at the prestigious 
To reserve a hotel monte please visit : Marriott Desert Springs Palm Course is 
www.storagenetworkingworld.com : complimentary ($165 value} for registered IT 
and check the Housing page, or visit i Users (other participants, including sponsors and 
www.etcentral.com s vendors may play on “as available” basis and are 


You can also call our Conference Housing line responsible for all applicable golf outing expenses). 


at 1-800-340-2262 Call 1-800-883-9090 for Details! 


STORAGETEK 


: CONFERENCE REGISTRATION 


Registration Options: Earlybird Registration Full/On-Site Registration Package Includes: 


All Dollar Amounts in US Funds (through February 22nd) lor, after February 22nd) Conference | Expo, Meals | Technical 
a rn Sessions & Receptions Tutorials 


General Conference [April 3 & 4): 
(Includes Expo, Meals and Receptions) 


All Attendees 


Additional Options 
Technical Tutorials/Workshops [April 2&5) $395 Additional 


Total 4-day Package 
(General Conference & Technical Tutorials/Workshops) 


ye es eet 


To Register Visit www.storagenetworkingworld.com or Call 1-800-883-9090 
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NOISE FILTER 


With so many vendors pitching so 
many products, IT managers need 
a strategy to block out the market- 
ing blather and figure out which 
are the best products for their 
organizations. That’s why IT pros 
like IMG Worldwide’s Gergely 
Tapolyai (above) talk to peers to 
find out which vendors fudge the 
numbers and which ones deliver 
the goods. PAGE 36 


EDUCATIONAL 
ENTREPRENEUR 


Drexel University CIO John Bielec 
is pushing several IT initiatives to 
help his school make more money. 
For example, Drexel acts as an ASP 
for high schools and local colleges. 
Just don’t call the money these 

{ activities i genenste revenue. PAGE 38 


CIOCONTRACTS 


IT leaders who have made it to the 
executive suite are beginning to 
hammer out contract agreements 
that cover their compensation and 
benefits in the event of bankruptcy 
filings, takeovers and other actions 
they can’t control. PAGE 40 


WORKSTYLES 


Carie Allen, technology manager 
in the applications development 
group at West Group, a division of 
The Thomson Corp., talks about 
what it’s like to work at a company 
that makes software for the legal 
industry. PAGE 42 
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JOE AUER/DRI 


ING THE DEAL 


Finding Responsibility 


RE YOU ACQUIRING RESULTS OR RESOURCES? 

The answer to that question will yield a fifth important, 
essential “truth” whenever you negotiate a technology deal. 
About six months ago, I mentioned 10 of these truths, and 


detailed four of them. 


The answer to this “results or resources” question establishes which side 
will bear responsibility for the results you’re expecting from a deal, and you 
need that answer before your acquisition process begins. In a “results deal,” 
the vendor is responsible, while in a “resource deal,” it’s the customer. 

For more than 20 years, I have testified as an expert witness in court 


cases involving customer-vendor disputes, and 
almost every one revolves around the question of 
who’s responsible. In most of these cases, contractual 
responsibility for the success of the deal is unclear or 
mutual, or the vendor’s form contract has disclaimed 
any responsibility. The bottom line: If you, as a cus- 
tomer, fall short in a contract of clearly and com- 
pletely assigning full responsibility for final results to 
the vendor, you’re responsible. 

Aresults deal. In a results deal, you, the customer, 
effectively get the supplier to fully accept the risk of 
failing to produce the solution, or the expected out- 
comes or results. If the vendor’s representatives talk 
about “solutions” to your executives or end users, the 
vendor is held accountable for producing them. 

This sounds good, but you can shoot yourself in 


the foot if you’re not careful putting the deal together. 


You might say, “OK, we have them com- 
mitted to results. But we're going to 
manage the deal. After all, it’s our money 
and our project.” Don’t do it! That shifts 
some responsibility for results to you, and 
the vendor is off the hook. The vendor 
must have complete authority to have 
complete accountability. 

Another thing you might say is, “We 
have them committed to results, but we’re 
going to tell them the policies, equipment 
and staffing levels they must use.” This 
also ruins a results deal. I’ve seen count- 
less vendors avoid accountability because 
they were “forced” to do things according 
to their customers’ dictates. The cus- 
tomers got too proscriptive and shared 
responsibility for the outcomes. 

Another important point about a results 
deal: Make sure your obligation to pay a 





JOE AUER is president of 
Internationa! Computer 
Negotiations Inc. (www. 
dobetterdeals.com), 
a Winter Park, Fla., con- 
sultancy that educates 
users on high-tech pro- 
curement. ICN sponsors 
CAUCUS: The Associa- 
tion of High Tech Acqui- 
sition Professionals. 
Contact him at 
joea@dobetterdeals.com. 


vendor is triggered only by its producing the agreed- 
upon results, whether by reaching certain milestones 
or upon project completion. 

If it’s a results deal, why should a vendor’s invoice 
force you to pay? Why should a set monthly date, the 
signing of a contract, accepting delivery or anything 
short of contracted-for results require you to pay? 
Make sure your money is tied directly to the ven- 
dor’s performance. The satisfaction of having a good 
contract is exceeded only by holding payment until 
the vendor produces. 

A resource deai. In certain instances, there’s nothing 
wrong with a resource deal, especially if you don’t 
expect the vendor to produce the final results or out- 
comes. Maybe you just need some equipment, soft- 
ware or support to help you produce the results. 
Actually, sometimes you can’t predefine the results, 
or you may just need some tools to distrib- 
ute — like 3,000 desktop PCs. Or maybe 
you need help on a general software devel- 
opment team or ongoing maintenance 
work and the results aren’t predetermined. 
These are resource deals. In these deals, 
you must pay attention and manage the 
resources, tasks, time frames and progress, 
because you're responsible for the results. 

The first thing I do when I’m asked to 
help on a deal gone bad is try to determine 
whether it’s a results or resource deal. 
Who has the responsibility for the out- 
comes? In most deals I look at, the answer 
is unclear. If that’s the case, you'll never 
win a dispute that goes to mediation or 
court, where you're trying to blame the 
vendor for not producing the results or 
solutions that it so eagerly promised ver- 
bally during its sales pitch. D 





WARNING 


THIS FACILITY IS 
SUBJECT TO 
SUDDEN SHIFTS 
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When you think scalability, it’s time to think software. 


Today’s Web-driven worid demands a faster way to scale up The Microsoft server platform gives you the choice of thinking 


and out. But instead of thinking hardware, it’s time to think smarter bigger, smaller, up, or out. That way you can deploy Microsoft SQL 


software, as in the modular and scalable Microsoft’ server platform. Server™ 2000 on Windows’ 2000 Datacenter Server for heavy- 
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THINK UPTIME “Microsoft provides scalable and \ a ; ; 
ee eh ae : i a : terabytes of data and millions of transactions. Or scale out with 
products at an unbeatable price with the ability to scal ut | 


duty ERP and transaction processing, and scale up to support 


not just up. As a result we are able to add new Microsoft Application Center 2000 by adding clusters of Windows 


costly downtime Don Heckman, VP, Engineering Pro; 
Management, Qwest 
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2000-based servers running distributed applications. And it has 
the lowest price-to-performance ratio of any competitive platform.” 
So no matter how quickly things change, your business is 


always perfectly scaled to handle it. For more ways to scale 


up—and out—with software, visit us at microsoft.com/servers 


/scalability Software for the Agile Business 
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The killer 
deal isn’t all 
it’s cracked 
up to be. 

By Kathleen 
Melymuka 
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N IT MANAGER was negotiat- 
ing a big software deal at 
lunch with the president of a 
vendor company. The man- 
ager wasn’t getting his way, 
so he walked away from the 
table in a huff. The vendor 
caved in, lowered the price 
40% and made the sale. Later, the IT 
manager said he never understood why | 
that vendor’s service was consistently 
terrible. 
“We negotiate so hard with suppliers | 
that they don’t make any money, and | 
then we wonder why service is so 





poor,” says Bart Perkins. “You've got to 
let the other guy make a profit.” 

IT managers have a lot to learn 
about the process of choosing an IT 
vendor, says Perkins, former CIO at | 
Dole Food Co. and Tricon 
Global Restaurants Inc. 
who is now managing part- 
ner at Leverage Partners 
Inc., a consulting firm that 
splits its headquarters between | 
Louisville, Ky., and Washington. Lever- | 
age Partners helps companies acquire | 
IT products and services. | 

“Vendor buys” account for more than | 


aa 
eles 
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60% of a typical IT budget outside of 
personnel costs, Perkins says. In a 
Fortune 500 company, there may be as 
many as 400 people buying IT prod- 
ucts, and very few are giving the process 
much thought, he adds. 
Some are following archi- 
tectural standards, others 
are just buying what’s cool 
and expensing it. 

Some IT sales sneak in like Trojan 
horses, buried in plant equipment or 
taken on through mergers and acquisi- 
tions; others evolve — you bought 
telecommunications services from 


How to Choos 
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New England Telephone, which be- 
came Nynex and then Bell Atlantic, 
and now you're dealing with Verizon. 

“This is the real blocking and tackling 
of IT, and we put it on autopilot and no- 
body thinks about it,” Perkins says. But | 
a few IT leaders have given the vendor 
selection process a lot of thought, and 
they share some ideas about what 
makes their approaches work. 


Establish the need. “The day of 
deep pockets is gone,” says Jim 
Thannum, director of Internet 
engineering and communications 
at FedEx Services Corp. in Memphis. 
“The technology should advance the 
business. It’s not there to entertain us.” 


Select a team, “not just the tech 
people,” says Colleen Mahoney, 
director of vendor relations for 
information resources at Marriott 
International Inc. in Bethesda, Md. An 
all-tech vendor-selection team is a dis- 
aster waiting to happen because mem-_ | 
bers may get blinded by the technology. 
Include end users and people from 
finance, training, application develop- 
ment, vendor relations, legal and priva- 
cy/security, says Mahoney. At The 
Coca-Cola Co.in Atlanta, a team works 
with its Minority/Women-Owned 
Business Enterprise Program to keep 
minority firms in the selection loop. 


Choose a strategy, says Diane M. 
Stanko, director of procurement 
for global IT and services at Al- 
coa Inc. in Pittsburgh. For exam- 
ple, with technologies such as e-mail, 
databases and antivirus software, 
there’s a competitive advantage in en- 
abling standard, worldwide use. In oth- 
er areas, such as telecommunications, a 
standard may not be critical. 
Decide how to go to market as well. 





“We try to take full advantage of the 
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competitive marketplace using e-tools 
such as online bidding and e-procure- 
ment,” Stanko says. 


Write a request for proposals (RFP). 
It will force the team to think 
about what’s important. “We look 
at architecture, maturity, cost, 
serviceability and reliability of prod- 
uct,” says Thannum. “We look at their 
customer base, pricing arrangements, 
support and company stability. We 
need to be sure if a product touches 
our customer that we have 24-by-7-by- 
365 support. That’s the rule.” 
Determine your evaluation criteria 
and the amount of weight accorded to 


each requirement as you write the RFP, | 


Perkins suggests — and don’t waver. 
He tells of one company that changed 
the weightings to keep its emotional 
favorite from being bypassed. “It com- 
pletely derailed the entire selection 
process and threw the project into a 
tailspin from which it never recov- 
ered,” he says. 


Focus on total cost of ownership, not | 


just initial cost, says Perkins, and 

don’t get hung up on how much 

each department pays out. Look 
at how much your company pays. 


Develop your negotiation strategy in 

parallel with your RFP, Mahoney 

says. For example, Marriott de- 

mands that a product work to the 
specifications it outlines before paying 
for it. “It doesn’t make any sense to 
hide these things and spring them on 
the vendor after the fact,” she says. 
“We want to be upfront because we 
want them to do the same.” 


Consider the value of relationships as 


you evaluate bids, Mahoney adds, 
“because not all [vendor] rela- 
tionships are created equal.” 


For example, because Coca-Cola has 
identified roughly 20 strategic suppli- 


ers, it can often target one or several of | 


them and skip the RFP, says Kimberly 
Fey, relationship manager for informa- 
tion infrastructure. 

If you’re rebidding a product or ser- 
vice that’s already in place, consider 
the value of incumbency. “There is a 
cost to change,” Perkins says. “Figure it 
out upfront.” 

Also, think about intangibles. If a 
prospective vendor is one of your 
biggest customers, will it take its busi- 
ness elsewhere if it doesn’t get the 
deal? “Don’t forget to factor the value 
of that relationship into the equation,” 
Perkins says. 


Keep your options open. As you ne- 

gotiate, deal with multiple ven- 

dors simultaneously, Perkins says. | 

“If you can get a little bidding 
contest going, that can be a good thing 
— within reason.” Also negotiate the 
concerns of all your team members — 
from legal to training — in parallel, not 
serially, he says. Otherwise, concerns 
left until the end may not get the atten- 
tion they require. 

For example, during the negotiation 
and contracting process, Coca-Cola 
works with its strategic suppliers to 
identify second-tier opportunities for 
minority and women-owned businesses. | 


Be a good customer. Understand 
the cost structure of the vendor | 
so you can help it cut you a better | 
deal, Perkins says. For example, if | 
you were buying PCs fromareseller, | 
you could offer it an advance monthly 
buying forecast. That saves the reseller 
money in RFPs it won’t have to answer, | 
inventory it won’t have to stock unnec- 
essarily and scheduling costs because 
company officials know the workload 
in advance. In return, you should ex- 
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pect great prices and service levels. 

This win/win approach is at the 
heart of all good vendor agreements. 
“Both sides must benefit from the rela- 
tionship,” Mahoney says. “If we struc- 
ture a contract where only we benefit, 
we may end up not getting the best of 
their resources.” 


Split the contract between two 

vendors if possible, Perkins says. 

“From the IT standpoint, you 

may want to standardize, but 
from a business point, you have to look 
at [the] entire value of the business,” 
he says. 

Splitting a contract isn’t always de- 
sirable, but it can be done if you’re 
dealing with commodity hardware, 
systems integration or telecommuni- 
cations services. “You can give 60% to 
AT&T and 40% to MCI,” says Perkins. 
“It keeps them on their toes. And if 
they mess up, it’s easier to change it.” 


Anticipate the future. Perkins 
once negotiated for a software 
contract at a time when he 
knew his company was likely to 
spin off a division within two years, so 
he wrote into the contract the ability to 
transfer licenses at the same price. 
“You don’t always have that luxury, 
but, to the extent you can, address it,” 
he says. That goes for impending 
mergers and acquisitions as well. 


Don't let technology turn your 
head. “It’s so easy to get enam- 
ored with technology,” 
Thannum, “but you've got to 
look at it in terms of all those other 
metrics. You’ve got to stay pragmatic.” D 


says 


To find out where your company 
ranks in terms of how it selects 
vendor products, go to: 
www.computerworld.com/q?27160 


an IT Vendor 
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When your company's information availability is riding on you. 


Access to critical business information. It can 
disappear faster than you can say Hi Yo, Silver!™ 
With the SunGard Availability Services net beneath 
you, your access to your Critical business information 
is there, without fail. More than 8,000 companies rely 
on our affordable, responsive services, 24/7. 


Get the net beneath you: 


INFORMATION AVAILABILITY 
MANAGED HOSTING 
CONSULTING 


Don’t go it alone. Get the people and technology 
of the SunGard net beneath you. We're ready to ride. 
Learn more at: www.sungard.com/availability 


Now, Comdisco® Continuity Services 
LO is part of SunGard’s net beneath you. 
" Our combined synergies offer you the broadest 
range of high availability options, unparalleled depth 
of technical expertise, as well as more redundant 
facilities, equipment and networks across North 


America and Europe. 


SUNGARD’ 


Availability Services 
The Net Beneath You 








N END-TO-END, state-of-the-art, 
leading-edge solution that 
blah, blah, blah. Face it, every- 
one offers an end-to-end, 
state-of-the-art, leading-edge 
blah, blah, blah. 

So Gergely Tapolyai, global network 
and telecommunications director at 
Cleveland-based sports, entertainment 
and literary marketing firm IMG 
Worldwide Inc., cuts to the chase. 

“We're not looking for the positive 
feedback,” he explains. “We’re looking 
for the negative feedback.” 

Take the time Tapolyai was shopping 
for an Internet service provider that 
could offer IMG high-speed connec- 
tions in 37 countries. He had narrowed 
his search to two finalists. Then he got 
the real dirt from his peers. 

Which vendors fudge on the num- 
bers when it comes to uptime? Who’s 
inflexible with their contracts? 

fapolvai turned to Chiefofficer.com, 
a closed online community of senior 
executives that he helped create. 
“They did sway me a lot,” he says of 
the advice he got there. So much so 
that he chose a company that wasn’t 
even in the running: UUNet. The Ash- 
burn, Va.-based unit of WorldCom Inc. 
was the firm with which his peers 
seemed to have the fewest and least 
significant problems, says Tapolyai. 

Call it survival of the fittest, but with 
so many vendors making so many 
pitches about so many products, IT 
managers need a strategy to filter out 
all the noise and home in on the prod- 
ucts that will do the best job. 


Where to Start 


The best way to get started? “Re- 
search, research, research,” says Jamie 
Gruener, a senior analyst at The Yan- 
kee Group in Boston. 

First, make sure the product offers a 
quantifiable return on investment. And | 
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don’t just accept figures that vendors 
toss out, Gruener warns. Make sure 
you understand how they come up 
with those numbers, and determine 
your budget ahead of time so you 
know exactly what the ROI will be. 

“Everybody’s jumping on the band- 
wagon about ROI,” says Gruener. “But 
the numbers are interesting, like [total 
cost of ownership]. People need to be 
wary.” 

Tapolyai says that before aay 
he even looks at products, 
he weeds out the vendors. 
He finds out the direction 
the industry appears to be heading and 
determines whether all of the vendors 
are moving in that direction. Then he 
weighs the vendor’s stability vs. its 
ability to provide personalized service. 

Start-ups can offer good value and 
innovation, says Gruener. But it’s im- 
portant to question the risks. “What 
kind of funding do they have? How is 
support handled?” he says, adding, 


les 


“Sometimes it isn’t worth the risk.” 
Wilma Kumar-Rubock, vice presi- 
dent and CIO at Washington Gas Light 

Co. in Washington, suggests visiting 
vendors’ development sites to make 
sure they’re not fly-by-night opera- 
tions. Sometimes, there are no behind- 
the-scenes people, and what you see is 
what you get, she says. She also sug- 
gests hiring research firms to look un- 
der the hood to find the 
details that vendors may 
be trying to hide. 

Another way to reduce 
the risk of working with a 
start-up is to plan an exit strategy so 
you can get out of a contract if things 
don’t go as planned, advises Dorothy 
Hawkins, vice president of IT for the 
energy distribution group at NiSource 
Inc. in Merriville, Ind. Also, be sure 
you and the vendor agree upfront on a 
clear set of deliverables, she says. 

Tapolyai says he makes it a point to 
get past the salespeople and speak di- 


NEGATIVE FEEDBACK from peers plays a key role in IMG Worldwide’s decisions about 
prospective vendors, says Gergely Tapolyai, network and telecommunications director at IMG. | 
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rectly to the engineers during the buy- 
ing process to learn exactly what he 
can expect from them. 

“Once the signature is on the con- 
tract, they’re gone,” he says of the sales- 
people. “I want to see a structured lay- 
out — what happens if this person gets 
hit by a bus? Who’s going to take over? 

I am pretty much a pain in the ass.” 


The Customer Knows Best 

Jon Dell’Antonia, vice president 
of MIS at OshKosh B’Gosh Inc. in 
Oshkosh, Wis., starts the buying 
process by working with end users to 
determine exactly what they want the 
system to do. Then Dell’Antonia and 
the end users come up with a list of 
potential vendors, rank their top two 
or three priorities and meet with the 
vendors. 

“If you’ve got your requirements de- 
fined, then it’s, ‘Here’s what we need, 
tell us what your product can do to 
help us,’ ” he says. If vendors “waltz 
around” the topic, Dell’Antonia says he 
just asks flat out if they’re able to meet 
a specific requirement. If they can’t, 
he’ll end the meeting right there. 

He also recommends that you ask 
vendors for customer references and 
then check with those customers to 
find out how their products were in- 
stalled, how the support was, whether 
the product still works and so on. 

“If they can’t give you good, solid, 
positive references, then you've got to 
wonder,” Dell’Antonia says. 

Finally, before making a decision, 
Dell’Antonia sits down with his entire 
team — IT staffers and end users — to 
review the offerings and take a vote. 

“It is not just an IT-driven process,” 
he says . “It’s not, ‘We pick it, you get 
it.’ If you don’t involve your end user in 
the selection of your system, it ain’t go- 
ing to work. You're just setting yourself 
up for failure.” D 


Filtering Out the Noise 


Endless mat ‘keting y 


ather makes it hard to spot the right 


IT products for your organization. By Melissa Solomon 





Lesson number one in global acquisitions: Getting different 
business cultures to work together smoothly is no walk on 
the beach. Trying to get different networks to do the same 
can be an even bigger hassle. So how do you make suddenly 
acquired systems work for you— instead of against each 
other? 

You team up with AT&T. Like Tower Automotive, a 
leading auto-parts manufacturer with more than 70 plants 


around the world. They considered using other carriers or 


Call AT&T toll free at | 866 335-7865 or visit us at www.attbusiness.com/return 
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managing their own network in-house. AT&T’s reliable and 
cost-efficient solution “won hands down.’ 

We converged multiple complex business applications onto 
a single integrated wide-area network. One that supports 
voice, fax and data traffic, vastly improving bandwidth 
efficiency. The result: fewer headaches and lower costs. In 
need of less stressful network consolidation? Bring in AT&T. 


Results: Measurable. Possibilities: Boundless. 
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Big Man 
On Campus 


Moneymaking lessons from Drexel 
University’s John Bielec. By Julia King 


REXEL UNIVERSITY CIO JOHN BIELEC MAY 

work for a not-for-profit institution, yet the 

man is a consummate entrepreneur, a per- 

son who clearly thrives on making or saving 

tens of thousands of dollars in the course of 
doing his job. 

Consider the deal Bielec has going with software 
giant SAP AG, from which Drexel collects an esti- 
mated $100,000 per year in subsidies in exchange for 
hosting SAP software that other colleges and high 
schools tap into for teaching purposes. 

Add to this the estimated $1 million-plus that 
Drexel receives for providing outsourced computing 
and networking services to nearby MCP Hahnemann 
University in Philadelphia, Cabrini College in Rad- 
nor, Pa., and Neumann College in Aston, Pa., and the 
total amount of incoming dollars easily stretches into 
seven figures. 

Just don’t call it revenue. Instead, Bielec prefers to 
quantify the incoming dollars in terms of the addi- 
tional benefits and services they enable Drexel to of- 
fer its own user community of 20,000 students, facul- 
ty and administrators. 


High-Capacity College 

“It turns out that Drexel’s computing environment 
is significantly more robust today because of these 
arrangements,” Bielec says. For example, Drexel 
boasts more than 50 high-capacity IBM and Sun Mi- 
crosystems Inc. servers and an 8TB storage-area net- 
work. Its 62-acre urban campus was the nation’s first 
100% wireless university. 

Additionally, all software upgrades and changes 
are conducted automatically over the network, and 
all students and faculty members have access to a 
broad array of IT-enabled capabilities, including 


| 
| 


vestments without these arrangements,” Bielec 
notes, although he declines to disclose the universi- 
ty’s annual IT budget or to quantify how much its 
various moneymaking deals bring in each year. 

“As you're able to invest more dollars, your win 
comes from capacity, which increases exponentially,” 
he explains. “The IT business isn’t a one-for-one re- 
lationship. There’s a doubling, even a quadrupling of 


| capacity [for every dollar invested ].” 


Any new capabilities or services that Drexel is able 
to develop with the additional money are in turn ex- 
tended to its “customers.” 

Cabrini College, for example, now offers about a 


| dozen online classes. It will be a 100% wireless cam- 


high-speed Web connections — 100M bit/sec. service | 


to each and every outlet on campus — and a private- 
label online bank. Everybody on campus uses the 
Web for everything, from registering for courses and 
paying tuition to filing term papers, taking tests and 
checking grades. 

“We never would have been able to have these in- 


pus, like Drexel, by next year. 


I’m basically an 
incrementalist. | can see 
the possibilities, but | 
don’t want to get sucked 
into the big picture. 


JOHN BIELEC, CIO 
DREXEL UNIVERSITY, PHILADELPHIA 
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We couldn’t have done that on our own,” says Nan- 
cy Santos Gainer, a spokeswoman for the 2,100- 
student liberal arts school. Cabrini’s marketing plan 
includes attracting new students with its high-tech 
campus. 

Moreover, “when we go completely wireless, there 
will be no need for PCs in our computer labs [since 
students will use their own laptops],” she says. 
“We're trying to get out of the hardware business by 
swapping assets for access [to Drexel’s IT facilities].” 


‘Salami Tactics’ 

It’s a switchover that Bielec will accomplish using 
what he calls “salami tactics.” This entails “slicing 
away” all noncritical hardware, software and other 
IT assets that are physically located at the Cabrini 
campus “while providing access to equal or better 
service than they had before,” he says. 

Cabrini, like all of Drexel’s outsourcing customers, 
has access to the same suite of Web-based services, 
ranging from financial and accounting to human re- 
sources and student administrative applications. All 
of these services run on commercial software pack- 
ages hosted on Drexel’s computers. It’s then up to the 
customers to use what they want from the uniform 
menu of services Drexel offers under a basic applica- 
tion service provider model. 

“Rather than customize any system to empower 
users, we give users access to customized tools, 
which they can use to develop queries,” Bielec 
explains. 

Looking ahead, Bielec says he foresees using this 
same architecture and business model to offer a 
broad range of additional services to even more mid- 


| size universities and high schools. These could in- 


clude online procurement of books, office furniture 
and laboratory supplies through affinity relation- 
ships that Drexel establishes with retailers that sell 
those types of products. 

“If Cabrini wanted a CabriniBank.com, for exam- 
ple, it would be very simple for them to have that,” 
Bielec says. That’s because of a relationship Drexel 
has with Dallas-based Paymentech LLC, the vendor 


behind its own A.J. Drexel Bank. 


“I’m basically an incrementalist,” Bielec says. “I 
can see the possibilities, but I don’t want to get 
sucked into the big picture.” 

At least one outside expert is skeptical about the 
viability of Bielec’s vision. 

“Drexel may want to spend money putting an [on- 
line] bank in, but others may not want to. The danger 
or the risk is of unaligned services,” says Peter Ben- 
dor-Samuel, president of Everest Group Inc., a Dal- 
las-based outsourcing consultancy. 

“What we’ve found is that the not-for-profit shared 


services group simply fails,” Bendor-Samuel says. 


“There’s a necessity for ongoing investment, and the 
problem becomes everyone seeking to pass the buck 


| and have someone else invest in it.” 


But Albert Nekimken, an outsourcing analyst at In- 
put, a Chantilly, Va.-based market research firm, has 
a different take. “The lesson to be learned here is the 
rule of the Internet Age — that you can’t predict 
where your competition will come from,” Nekimken 


| says. “To many IT outsourcers, it has never occurred 


that the university down the road would become a 
competitor.” D 
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ClOs who have finally 
gained a seat at the table 
need to know what kinds 
of customized contracts 
and employment terms 
they should request from 
their companies - and 


the gotchas to avoid. 
By Kim S. Nash 
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BUSINESSC: 


T USED TO BE THAT ONLY corporate royalty — 
CEOs, presidents and chief financial officers — 
demanded and received customized contracts 
that specified employment terms and locked in 
juicy parting deals or “golden parachutes.” 

But elite CIOs who have earned the same kind of 
clout are now learning which terms work to their ad- 
vantage and which ones don't. 

Take, for example, Manny Moslemi, who was CIO 
at now-defunct Grand Union Co., a supermarket 
chain in Wayne, N,J. 

A four-year employment agreement didn’t protect 
Moslemi when Grand Union filed for Chapter 1 
bankruptcy protection in October 2000. Under 
Chapter ll, a company’s senior managers become un- 
secured creditors and get stuck at the bottom of the 
list of individuals or organizations to pay. 

Some CIO contracts include provisos regarding 
how much severance money is due if a company must 
start a formal reorganization or liquidation process 
A bankruptcy judge would decide whether an execu- 
tive would ever see that severance, but a legal contract 
could at least give a departing CIO a fighting chance. 

But Moslemi didn’t have that kind of deal. He got 
nothing when Grand Union folded last March — no 
salary, no bonus, no health insurance. 

“T learned a hell of a good lesson,” he says. 

On the other end of the spectrum is Wayne Sadin, 
former CIO at Bank United Corp. in Houston. 

When Seattle-based Washington Mutual Inc. took 
over Bank United last February, Sadin walked away 
with a bundle. His contract netted him twice his an- 
nual salary and bonus and continued his health in- 
surance. All of his stock options and other shares 
vested immediately. “In a 12-month period, I received 
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10 years’ worth of compensation,” he says. 

Some CIOs negotiate custom contracts with 
unique provisions. For example, Nick Ioli, CIO at 
The Great Atlantic & Pacific Tea Co. in Montvale, 
N,J., has a clause in his contract stating that if he’s 
asked to report to anyone other than the CEO, he can 
quit and receive his salary, bonus and health benefits 
for the next 18 months. 


Sweetening the Pot 

Special extras are often granted during the recruit- 
ing process as deal-sweeteners, says Beverly Lieber- 
man, a principal at Halbrecht Lieberman Associates 
Inc. in Stamford, Conn., which specializes in recruit- 
ing IT executives. 

Lieberman once helped broker a deal for an IT 
manager who insisted that the company let him 
use his own airplane for company travel. He was a 
pilot and wanted to continue flying. 


GRAVITY 
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“You never know till you ask,” Lieberman says. 
Sometimes there are trade-offs with these finely 
worded agreements. A company may restrict an ex- 

ecutive in some way but offer a hefty monetary re- 
ward in return. Noncompetition provisions are one 
example of such an agreement. (See Marc Rubinger’s 
profile, below.) 

Loyalty provisions are another example. Part of 
Kenneth Gerhardt’s contract as CIO at ConAgra 
Foods Inc. in Omaha calls for him to support the 
board’s position if another company tries to acquire 
ConAgra. In return, Gerhardt gets guaranteed em- 
ployment and compensation — plus early retirement 
benefits — for three years after any takeover. 

Employment contracts also help balance the 
risk/reward ratio when taking a job at a new com- 
pany, says Bruce Goodman, CIO at Humana Inc., a 
$10 billion health care company in Louisville, Ky. 

“I know the upside potential if everything goes 
really well,” he says. “What’s the downside if things 
turn out to be hell? What do I want to get out of this 
to make my move worthwhile?” 


KEY CONCEPT: Change in 
control — what happens to 
an executive when his com- 
pany is acquired. 


BRUCE 
GOODMAN, 
clo 
rir BL 


CONTRACT EXCERPT: “The 
etsy Ky CONTRACT EXCERF The 


company has entered into 

agreements with [senior] of- 
ficers, including ... Goodman ... which for a two- 
year period following a change in control provide 
certain benefits upon termination. . . . Under 
these agreements, these individuals would be enti- 
tled to receive severance pay... by a multiple 
ranging from one to one and one-half.” 


WHAT IT MEANS: Change-in-control provisions 
protect an executive financially in the event that 
his company is acquired. In this case, Goodman 
could get a severance of up to 1.5 times his salary 
and bonuses if Humana is bought by another 
company and the new firm decides not to retain 
him. And that severance deal would apply for 

up to two years after Humana’s ownership 
changed hands. 

It’s a pretty good bet that managers at the acqui- 
sition target aren’t likely to keep their jobs with 
the new company. When negotiating a change-in- 
control provision, try to maximize all stock op- 
tions, restricted stock, salary and bonuses due. 

For example, if a contract calls for getting 12 
months’ salary when terminated in routine cir- 
cumstances, a change-in-control clause might 
call for that salary plus a sum equal to last year’s 
bonus, plus the immediate vesting of all stock 
options. 
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Sometimes CIOs and chief technology officers 


| simply participate in the standard employment con- 
; tract a company offers to all senior executives. 


Ron Rose, CIO at Priceline.com Inc. in Norwalk, 


Conn., has such an arrangement. Filings with the U.S. 
| Securities and Exchange Commission show that ex- 
| cept for salary and stock-option grants, Rose’s em- 


ployment agreement is the same as those of Price- 
line.com’s CFO, chief marketing officer and others. 
Dennis Jones, former CIO at FedEx Corp. in Mem- 


| phis, says he doesn’t like contracts that give a CIO 


anything beyond what other officers get. Otherwise, 
resentment of the CIO could emerge, he says. That’s 
no good, given that on average, a CIO stays in a posi 


| tion for just 15 months. 


“I do not believe a CIO should be treated as an ex- 
ception. That just creates a lot of issues that, frankly, 
CIOs don’t need to deal with,” Jones says. “CIOs are 


| already an endangered class of employee.” D 


Nash is a freelance writer in Yorktown Heights, N.Y. 


Reach her at kimnash2002@yahoo.com. 


The Fine Print 


KEY CONCEPT: Consulting 
agreement — retaining criti- 
cal benefits after leaving a 
full-time post. 
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aaa CONTRACT EXCERPT: “The 


company shall ... provide 

Jones and his dependents 
coverage under the company’s employee benefit 
plans to the same extent that coverage existed ... 
before; reimburse Jones for not otherwise reim- 
bursed reasonable and necessary travel and lodg- 
ing expenses incurred in seeking other employ- 
ment; provide, at its expense, tax and financial 
counseling services ... [and] use its best efforts to 
provide executive access for Jones and . . . family 
...to Disney World and Disneyland. 


WHAT IT MEANS: When Jones retired as CIO at 
FedEx in August 2000 and became a FedEx con- 
sultant, he hung on to a lot of the benefits he en- 
joyed when he was working there full time. 

In a deal that promised him $48,500 per month 
through December 2002, he and his family also 
kept their health insurance, financial planning 
services, high-speed Internet access and vacation 
entertainment. 

Jones didn’t complete the term; he joined Com- 
merce One Inc. in Pleasanton, Calif., as chief oper- 
ating officer last April. But except for the provi- 
sion that covered his job-hunt expenses, his con- 
sulting contract didn’t win him anything special, 
Jones says. The provisions — including the Disney 
passes — were in keeping with what FedEx offers 
all of its senior executives 


I know the upside 
potential if every- 
thing goes really well. 
What’s the downside 
if things turn out 
to be hell? 


BRUCE GOODMAN, 
ClO, HUMANA INC. 


KEY CONCEPT: Noncom- 
pete provisos — what can 
and can’t be said and done 
after leaving a company. 


ee 
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Ventures Inc. 


eee em CONTRACT EXCERPT: For 
1h hoi he 818 fold ome ate! 


two years after leaving 

the company, the “execu- 
tive shall not, except with company’s express prior 
written consent, directly or indirectly, in any ca- 
pacity ... establish, engage ... any person in any 
business in competition with company, at any lo- 
cation within 15 miles of any office .. . or conduct 
himself in any manner which he would have rea- 
son to believe inimical contrary to the best inter- 
ests of company.” 


WHAT IT MEANS: If Rubinger leaves Genesis Health 
Ventures, he can’t work for or help any company 
that Genesis Health Ventures views as a rival for at 
least two years. And even then, he’s required not to 
do anything that could hurt his former employer. 

The contract also prohibits him from soliciting 
customers or suppliers of Genesis Health Ventures 
and from recruiting its employees for two years. 

Rubinger’s contract puts a 15-mile radius on 
these provisions; other noncompetition agree- 
ments are more prohibitive, stipulating, say, 

35 miles. 

Noncompete clauses are pretty restrictive, but 
in return, executives often get nice parting gifts. 
For example, under certain scenarios, Rubinger 
could receive up to two years’ salary, plus a lump 
sum equal to the value of some of his stock op- 
tions, with other options immediately vesting. He 
would also continue to receive health insurance 
and other benefits for up to two years. 
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Dear Career Adviser 


As an independent consultant, I’ve been asked to prepare 
several extensive proposals during the past several 
months, but I haven’t gotten any new work. How should 
I respond to prospective clients who want extensive pro- 


posals before they hire me? 


Dear Burned: 

When budgets are slim, 
consultants frequently com- 
plain about potential clients 
who request proposals but 
then don’t respond with offers 
of paid work. Some clients use 
the proposals to benchmark 
competing proposals, while 
others use them as well-laid- 
out (and gratis) game plans for 
doing the work themselves. 

To avoid being burned, fol- 


| low these preproposal basics: 
| Ask the potential client about 
| the company’s budget and 

| budget cycle for the current 


year and the next, and find out 


| how decisions to use consul- 

| tants are made and who the 

| decision-makers are. Also, ask 
| about the client’s time frame 

| for making a decision and ini- 
| tiating work, the number of 

| proposals being solicited and 

| the staff members who will 


attend proposal meetings. 


WORKSTYLES 


Working Smarter 


At West Group 


Carie Allen, technology man- 
ager in the applications devel- 
opment group at West Group, 
a division of Toronto-based 
The Thomson Corp., talks 
about what it’s like to work at 
the company, which provides 


Has the economy changed the 
way your department operates? 
“Employees here have taken 
it upon themselves to work 
smarter. If there’s a group of 
people who want to attend a 
conference, they choose the 
best person to go, and that 
person comes back and 
teaches what they learned.” 


Is that type of response indica- 
tive of your culture? “You read 
in the paper about the many 
companies in the Twin Cities 


: laying off people by the 

: thousands. And it might 
sound corny, but I think it’s a 
: positive reflection of a large 

: company that has given a lot 
: to its employees, and the em- 
: ployees appreciate that and 
software for the legal industry. : 
: back to the company.” 


are looking for ways to give 


: What are the most critical busi- 
: ness functions supported or de- 
: veleped by the IT group? “The 
: technical services group 

: houses the data repository 

: [containing legal, regulatory 
: and business information], 

: maintains data integrity, 

: manages storage and devel- 

: ops and deploys the Web 

i servers. The applications 

: group develops the user 

i interface software, and the 

: database group does content 


— BURNED IN BUFFALO 


Never just fax or e-mail 
your proposal. Prepare your 
prospective client to meet 
with you face to face, and be 


| sure it’s clear that you want 


feedback on your submission. 
Finally, if your proposal in- 
cludes a detailed analysis that 


| a prospective client could use 


on its own, offer to analyze the 
client’s needs, requirements 


| and alternative solutions and 
| provide documentation in key 
| areas — for a fee. 


: conversion and preparation 
: of the data to be housed in 
: the repositories.” 


: How would you describe the 

: pace of the work? “We have 

: done some proactive things 

: to keep it as steady as possi- 
: ble, such as monthly releases 
: of software applications, not 
: three very large releases in 


ple balanced with routine 
hings but also with projects 
hat allow access to new 

: technology.” 





| you might have im- 


If the client resists these 
moves, find someone else who 
will pay you. 


Dear Career Adviser: 
I have a computer science de- 
gree with a background in Java 
programming and databases 


| using Oracle and Access. After 


graduation, I took a job on an 
IT help desk after looking for 
work for four months. I current- 


| ly workina 


telecommunica- 
tions company as a 
support specialist 


for Internet, data 


and mobility faults. 
Now I want to 
know how I can 
move up. 

— MOVING UP 
FROM HELP DESK 


FRAN QUITTEL is an expert 
in high-tech careers and 
recruitment. Send 
questions to her at 
www.computerworld.com/ 
career_adviser. 


Dear Moving: 


In years past, 


: of our new platforms is mul- 
: tilingual. No one on the de- 

: velopment team speaks 

: Japanese, so they were out 

: looking on Japanese Web 

: sites and in chat rooms, talk- 
: ing to people across the 

: world about how to handle 

: different technical issues. It 

: was something completely 

: out of the realm of things 
one year. We try to keep peo- : 


” 


they’d worked on before. 


: What do you think makes your 

: company’s IT department 

: unique? “Employees at all 

: levels have the power to 
Can you give an example? “One : 


make a difference. That in- 


West Group 


Who they are: The leading provider of 
electronic information software to the 
U.S. legal market 


Main location: Eagan, Minn. 


Number of IT employees: 1,300 


Interviewee: Carie Allen, technology 
manager in the applications develop- 
ment group 
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pressed an interviewer by 
working on a help desk and 
building Web pages for non- 
profits or coding at home. 
However, in this market, these 
skills aren’t good enough to 
compete against the talent 
pool of five-year Java and 
Oracle developers who are 
also available. 

Plan to spend a year or two 
on the help desk until the mar- 





ket eases, says recruiter Sam 
Merchant, CEO of 
DML Technical 
Resources Inc. in 
Oakland, Calif. 
During that time, 
learn the code be- 
hind the applica- 
tions you’re sup- 
porting inside out. 
That way, when a 
development job 
opens up, either 
within your com- 
pany or at a com- 
petitor, you'll be 
ready. D 


: spires people to take risks, 

: to bring things to the table 

: and work smarter. We also 

? have an end-of-year discre- 

: tionary bonus given to 15 

: employees who had excep- 

: tional contributions through- 
: out the year.” 


: What do you like best about 

: how career advancement and 

: training are handled? “We en- 
: courage employees to look 

: not just for upward move- 

: ment but also lateral move- 
; ment.” 


: What aspect of work do you 

: look forward to each day? “I’m 
: restless, and I tend to always 
i be striving toward the next 

: thing that will stump me, so 
I'd say the challenge of my 

: job keeps me fired up. I’m 
always learning from other 

: people and technologies I’m 
: encountering.” 


: What aspect do you dread each 

: day? “If I dreaded some- 

i thing, I’d be out of here.” 

: - Mary Brandel 
thebrandels@hotmail.com 
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T'S THE 
LEADING 
DATABASE 

IN HEALTHCARE 


More hospitals run their “life-or-death” applications 
on Caché than on any other database system. 

With reliability like this - demonstrated by the world’s 
most critical applications - you should consider Caché 
for your applications. 


The speed and scalability of Caché are superior to the 
leading relational database products, even though it 
runs on much less expensive hardware and requires 
far less database administration. 


Caché uniquely combines robust object and relational 
technologies, coupled to a multidimensional data 
engine. Plus, it includes a rapid Web application 
development environment. 


Caché is backed by 24x7 support from InterSystems - 
a leader in high performance databases for 23 years, 
with 4,000,000 users* worldwide in healthcare, 
financial services and other industries. 


InterSystems » 


Eu. CACHE 


Make Applications Faster 


Download Caché for free or request it on CD at www.|nterSystems.com/Reliable 


* InterSystems’ database technology is used by Ameritrade, Hitachi, Johns Hopkins, Kennedy Space Center, 
Pepsi Cola, Prudential Insurance Co., Shell, U.S. Army, World Bank and other successful enterprises. 
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ICHOLAS PETRELEY 


‘Get Back’ to IBM 


COUPLE OF WEEKS AGO, I suggested that IBM has an ace 
in the hole called “hardware devolution.” The best way to 
describe hardware devolution is to examine the so-called 


Aad 


"s Paul Konkel 


New multiplatform, XML-enabled, 
event-driven job scheduling tools 
represent several leaps forward 


from their venerable mainframe 
predecessors. PAGE 46 


TRANSFORMING ENERGY 


Power companies struggle to 


reinvent their processes with tech- 
nology in an industry that’s still in 
a state of flux. PAGE 48 


FUTURE WATCH 


Writing software and building 
computers to play board games has 
taught computer scientists a great 
deal about artificial intelligence. 
Now experts say new techniques 
for programming computers to 
play games are likely to find use 
elsewhere. PAGE 50 


QUICKSTUDY 


Unless it’s wireless, a network 
exists only because of the cables 
that connect various computers, 
servers, printers and other devices. 
Find out what makes a cable more 
than just a wire in this week’s 
primer. PAGE 52 


SECURITY JOURNAL 


Someone has been accessing a 
sales staffer’s computer at night, 
leaving a trail of Web site addresses. 
Security tools identify a potential 
internal perpetrator, but it’s human 
detective work that finally closes 
the case. PAGE 54 





evolution of the PC. 


If the word Beatles makes you think of screaming teens 
fainting over the Fab Four, you’re probably old enough to remember how 
the first PCs secretly invaded our workplace. “In My Life,” I recall that the 


“Revolution” began because whenever anyone wanted 
something from computer services, the answer was 
“Don’t Bother Me,” “You Can’t Do That” or, worst of 
all, “No Reply.” The PC gave users the ability to cir- 
cumvent computer services. Naturally, the company 
policy was often that, “ ‘If You’ve Got Troubles,’ it 
doesn’t matter how much you ‘Twist and Shout’ for 
‘Help.’ ‘Think for Yourself,’ because we’re not going 
to ‘Carry That Weight.’ ” But we kept on using the 
PCs “In Spite of All the Danger,” because when they 
worked, “A Hard Day’s Night” at the PC usually gave 
us the answers we wanted. 

Then we got on “The Long and Winding Road” of 
networking so that our PCs could “Come Together” 
to share resources, such as printers and hard drives. 
Computer services morphed into IT, which better 
described the broader responsibilities of managing 
all the networked desktop computers and everything 
stored on them. The computer room started filling up 
with servers. Thanks largely to “The Fool on the Hill” 
in the Northwest, everyone wore beepers and worked 
“Eight Days a Week,” “Fixing a Hole” “Here, There 
and Everywhere.” As the problems increased, so did 
the budgets to address them. 

The demands of enterprise-scale applications, 
followed by the need to provide high-availability ser 
vices on the Internet, meant that IT had to purchase 
more PC servers to handle those demands. More 
servers meant more components and more 
software installations, and IT departments 
had to look after “Every Little Thing.” 

Vendors figured, “We Can Work It Out” 
and make some “Money (That’s What I 
Want).” So some vendors consolidated 
servers into racks, and others created KVM 
switches to manage several servers with a 
single monitor, keyboard and mouse. 

So there they were. Gobs of computing 
power in dozens of servers all in one rack, 
and no easy way to distribute and redis- 
tribute the various tasks and loads across 
them. There’s clustering, but clustering is 








“I'll Be on My Way.” 
“You Know My Name 
(Look Up the Number)” 
or send me e-mail at 
nichoias@petreley.com. 


easy “For No One.” If you can solve that problem in a 
hardware box, “Baby, You’re a Rich Man.” 

Enter server blades, which are low-power server 
cards that you can combine on a backplane in less 
space than a rack. Blades are easy for just about 
anyone. At the low end, for $600 a pop, OmniCluster 
has a SlotServer you can plug into the Peripheral 
Component Interconnect slots in your existing server 
machines. One server suddenly becomes two, three, 
four or more. And OmniCluster runs the fastest- 
growing server operating system, Linux, in addition 
to Windows. 

At the high end, you’ve got solutions like Egenera 
BladeFrame, a 96-processor box that also runs Linux. 
This puppy provides fail-over support for any blade, 
and its special control blades let you redistribute 
computing power in real time. 

BladeFrame is pricey, starting at more than 
$200,000 (as of November, anyway), but considering 
what you get, it’s probably worth every penny. 

“I Don’t Want to Spoil the Party” for the blade 
vendors, but “I’ve Get a Feeling” that as terrific as 
they are, server blades will have a limited shelf life. 
What is the BladeFrame? One box, many servers, 
reliable, real-time management of processing power. 
That also describes the new IBM Linux-based 
mainframe, which starts at approximately $400,000. 
The difference is that it doesn’t need multiple servers. 
But if you do, it offers virtual servers. 

I recall that Bill Gates and “Some Other 
Guy” named Stewart Alsop predicted a 
day when we'd unplug the last mainframe 
and replace it with a PC. “Do You Want to 
Know a Secret?” “I Should Have Known 
Better,” but I used to agree. Now I'd have 
to say that the PC will never replace the 
mainframe. What PC-based servers like 
server blades may do, however, is devolve 
into mainframes. If that is indeed our 
future, IBM’s Linux-based mainframe 
isn’t a blast from the past, but a glimpse 
of the future. D 








OME PEOPLE MIGHT SMIRK 
at the thought of calling job 
schedulers some of today’s 
hottest systems tools. But 
the new breed of multiplat- 
form, XML-enabled, event-driven job 
scheduling tools represents several 
leaps forward from the old-fashioned 
IT workhorses of the mainframe era. 

Take a look at some of the organiza- 
tions using them: 

Narex Inc. in Golden, Colo., is using 
Tidal Software Inc.’s SysAdmiral job 
scheduler to automate and halve the 
time it takes to process credit reports. 

The Wisconsin Department of Cor- 
rections in Madison used Argent Soft- 
ware Inc.’s Argent Job Scheduler to run 
jobs just 20 minutes after installing the 
software. 

In Dallas, BMC Software Inc.’s Con- 
trol-M job scheduler has let the city’s 
data center trim a round-the-clock staff 
of 48 to a mostly daytime staff of 28. 

“After decades of being viewed as 
drab mainframe tools, job schedulers 
have become sexy,” says Patrick Dry- 
den, an analyst at Meta Group Inc.’s 
Houston office. 

Job schedulers were designed as 
simple job launchers first for main- 
frames, then for Unix systems. A mas- 
ter command would direct multiple 
agents to run reports, update databases 
and perform similar tasks at set times. 

Over the years, enterprise program- 
mers have written job scheduling 
policies with interdependencies. One 
policy might state that Job 2 (running 
reports) shouldn’t start until Job 1 (up- 
dating a database) has run successfully. 
And that was about as complicated as 
they got. 

Today, the report may run on OS 
390, the database on Unix, and data 
changes may flow from Windows NT 
servers of Web-based applications. 

“The conventional concept of batch 
job scheduling is moving from a time- 
driven process to an event-driven 
one,” wrote Paul Mason, an analyst at 
Framingham, Mass.-based IDC, in his 
December report, “Event-Driven 
Scheduling — the Next Step in System 
Automation?” 

With businesses running globally 
around the clock, a credit card compa- 
ny’s request for a report on a delin- 
quent account can come into Narex at 
2 a.m. as easily as at noon, says Paul 
Konkel, IT director at Narex. 

In the old, time-driven model, 
Narex’s systems could be set to auto- 
matically begin such jobs. But monitor- 
ing and restarting failed jobs was a 
manual process. 

Now, the trigger for the job sched- 
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| uler to start the report is receipt of 
the job request. And if the job should 
| abend, or fail, SysAdmiral can look into 


the application and often detect why, 


| says Konkel. If an address change was 


not affected, SysAdmiral can detect the 


| problem, trigger the application to up- 
| date the database and then rerun the 


job, all without manual intervention. 
Having scanned the logs, SysAdmiral 


| can detail conditions under which the 


process failed — “a big timesaver when 
you're trying to figure out what went 
wrong,” says Konkel. Reports that once 
took 24 hours now take Narex eight to 
12 hours. Two years after installing 
Mountain View, Calif.-based Tidal’s 


| event-driven job scheduler, that time is 
still shrinking, Konkel says. 


“A job scheduler is one product 


| where you can see a lot of gains from a 


single, simple tool,” Dryden says. “You 
don’t have to buy into a whole frame- 
work, and there’s an immediate, huge 
return on investment.” 

The Wisconsin Department of Cor- 
rections was using another product 


when Linda Johnson took over as ap- 


plications support engineer. “It’s a very 


| complicated product, more than we 
| needed to run 30 jobs a day,” she says. 


She instead selected Argent Job 
Scheduler. Farmington, Conn.-based 
Argent’s product is smaller and sim- 
pler than what the department had 
been using but offers the flexibility and 
reliability Johnson’s predominantly 
Windows NT systems need, as well as 


Se : ; : 
| compatibility with the state’s main- 





What to 
Look For 


When selecting from the more 
than 50 job schedulers on the 
market, consider the following: 


= The ability to integrate with your 
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= Ease of use 
= Fail-over capacity 


Cc. REPORT ERS: OLD 
LEARN NEW TRICKS,” BY MILIND GOVEKAR 


frame and other state agency systems 
and applications. And support is excel- 
lent, Johnson says, an important con- 
sideration in a shop with a small staff. 

Argent Job Scheduler automates 
database updates for the state’s sex of- 
fender Web site, which is now avail- 
able only to police but soon will be ac- 
cessible by the public. 

“Tt extracts data from our legacy sys- 
tem and moves that data to the main- 
frame,” Johnson says. Offenders move 
an average of 2.5 times per year, so just 


tracking addresses is a big job, she says. 
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Sophisticated event-driven job 
schedulers are blurring the line be- 
tween business-process automation 
and job schedulers, Mason writes. 

Smartworks.com Inc., a Web-based 
printing company in Dayton, Ohio, 
uses a job scheduler from Tidal to run 
jobs around the clock for its Web and 
SQL applications. 

“Tidal is scheduled to kick off inter- 
nal applications at Smartworks and, in 
the future, our disaster recovery site,” 
says Eric Gephart, the company’s se- 
nior network recovery manager. “The 
next step will be for the Tidal applica- 
tion to run on a server; a SQL back-end 
[server] will be running on our stor- 
age-area network.” 

When Dan McFarland took over in 
1999 as the CIO for the city of Dallas, 
an early initiative was to install Hous- 
ton-based BMC’s Control-M. 

“Now, when a job runs, if it abends, 
it has autorecovery built in,” explains 
McFarland. “We don’t have to call a 
programmer — Control-M restarts it.” 

The job scheduler underpins the 
city’s new 311 system, which lets resi- 
dents file complaints on everything 
from potholes to real estate assess- 
ments. The integrated system uses lay- 
ers of applications — including data- 
bases, reporting programs, geographic 
information systems and call centers 
— integrates the information, and lets 
residents and city officials track com- 
plaints via the Web. 

It also runs jobs for Dallas’ customer 
relationship management system and 


Anew breed of job schedulers emerges from the back office, 
takes the lead in tuning transaction processing. By Sami Lais 


GETTING 
THE JOB 
DONE 
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will take on similar tasks for a new en- 
terprise resource planning (ERP) sys- 
tem, McFarland says. “Scalability was 
an important issue for us,” he says. 

“The importance of job scheduling 
is very much tied to the ERP space,” 
Mason says. 

When Honeywell Aircraft Landing 
Systems migrated from an OS/390- 
based ERP system to Glovia, a Unix- 
based system from Fujitsu Ltd. in 
Tokyo, the need for a job scheduler ex- 
ternal to Glovia was quickly apparent 
to David Kulakowski, Honeywell’s ap- 
plications development manager. 

“We didn’t know until the next morn- 
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ing if our applications had failed the 


| previous evening,” he says. 


South Bend, Ind.-based Honeywell 
repairs and overhauls commercial air- 


| craft brakes. Glovia tracks and man- 
| ages the servicing procedures done on 


wheels and brakes at repair facilities, 
Kulakowski says. “We have to know ex- 


| actly what’s been done to every part of 
| an aircraft at all times — that’s FAA re- 


quirements. If we don’t, we can be 
fined,” he says. 

Kulakowski brought in SysAdmiral 
to manage the process flows between 
Glovia and applications at Honeywell’s 
corporate data center in Tempe, Ariz. 


Getail 

ailed - 

re trying 
Went wrong.” 


SysAdmiral does the job with informa- 
tion flowing bidirectionally, he says 
“Locally, we don’t man our IT systems 
in the evening now,” says Kulakowski. 


| YML-Enabled 


XML capabilities for job schedulers 
are also growing in importance. XML 
capability wasn’t the first of the Tidal 
scheduler’s features that Konkel imple- 
mented at Narex, but it’s a popular one 
among the company’s programmers. 

“I can have a team of programmers 
design a process flow in Visio, say, 
then output it in XML and use it in the 

| Tidal job scheduler,” Konkel says. XML 
| allows the process owners to have con- 
trol over the details of how their jobs 
run and frees Konkel’s staff from hav- 

ing to recode the process. 

“Enterprises are taking a more prag- 
matic perspective of their IT organiza- 
tions,” Dryden says. “Their expecta- 
tions of the business value that IT 
should deliver are higher.” And deliv- 
ering that reliability starts with opera- 
tions, he says 

Ironically, it’s the old mainframe job 
schedulers’ success at streamlining op- 
erations that can be the greatest obsta- 

| cle to buying a new one. 

“Even if a new and better one comes 
along, you've got so many rules in 
place with the old one, it’s nearly im- 
possible to tear it out,” says Ray Lefeb- 
vre, Oracle database administrator at 
Stride Rite Inc. in Lexington, Mass. 

And substituting one scheduler for 
another isn’t always necessary. 

Reuters Group PLC in London is ex- 
tending its IBM and Tivoli Systems 
Inc. job schedulers across its distrib- 
uted systems environments to “hun- 
dreds of Solaris and NT boxes,” says 
Andrew Cunningham, manager of 


global management systems at Reuters. 


With widely distributed sites, “we 
needed a tool that would work across 

| multiple environments but that could 
| be controlled centrally,” Cunningham 
| says. Because Reuters’ systems run un- 
der Tivoli Enterprise Console, the de- 
| cision to use Austin, Texas-based 
| Tivoli’s Unix and NT scheduler was a 
; logical one, he says. 

“The quest for enterprises to move 
| toa single cross-platform job sched- 
| uler remains a key requirement,” wrote 
Milind Govekar, an analyst at Gartner 
| Inc. in Stamford, Conn., in his July re- 
| port, “Job-Scheduling Magic Quadrant: 
New Challenges.” But for most firms, 
| 
| 
| 


that’s unlikely to happen before 2004. B 





Lais is a freelance writer in Takoma 


i Park, Md. Contact her at sami_lais@ 
computerworld.com. 


Upsides and 
Downsides 


Here’s what a few IT 
managers say they love — 
and hate — about their 
job schedulers: 


Eric Gephart 

Senior network recovery 
manager, 
Smartworks.com Inc., 
Dayton, Ohio 


SCHEDULER: SysAdmira! 


from Tidal Software Inc 


LOVE: “When you're setting up 
the job, it’s very granular, very de- 
tailed. But once you have it set up, 
it takes care of itself - you don’t 
have to worry about it. We're us- 
ing NetlQ at Smartworks; Tidal’s is 
the only scheduler that integrates 
with NetIQ. which is big for us.” 


HATE: “The software is expen- 
sive. It's the Cadillac version of 
scheduling software.” 

Linda Johnson 

Applications support engineer 
Wisconsin Department of 
Corrections, Madison, Wis 


SCHEDULER: Argent Job 
Scheduler from Argent 
Software Inc 


LOVE: “It's fast and easy. It took 
less than 30 seconds to install the 
software, and | had it running jobs 
in less than 20 minutes.” 


HATE: “It doesn't integrate direct- 
ly with our mainframe scheduling 
software, but there are many 
work-arounds for that.” 


Andrew Cunningham 
Manager of global management 
systems, 

Reuters Group PLC, London 


SCHEDULER: Tivoli Workload 
Manager from Tivoli Systems Inc 
and Tivoli Workload Scheduler 


LOVE: “its fault tolerance. We use 
it to centrally schedule backups. If 
that central connection goes 
down, [the scheduler] on the 
client device will continue to oper 
ate and schedule to make sure the 
backups take place.” 


HATE: “It doesn't directly support 
VMS. There is an agent for Tivoli 
Workload Scheduler, written by 
Heroix [Corp.], but it doesn't have 
fault-tolerance capability, so we 
use DEC Scheduler instead.” 
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ENERGY 
MAKEOVERS 


Power companies struggle 
to transform themselves with technology 
in an industry still in astate of flux. 
By Melissa Solomon 


UTAGES, PRICE CONTROLS, regulatory 

violations: Newspapers offer a 

glimpse into the turbulent world of 

today’s energy industry. 

And the future is anybody’s guess, 

as investigations into California’s en- 
ergy crisis and the Enron Corp. implosion raise new 
questions about old assumptions. 

Despite the confusion, energy companies are 
pushing to keep pace with competition, and many 
have turned to technology for help. The systems they 
choose vary based on their missions, but most share 
one attribute: flexibility to expand or contract with 
the industry. 

“I think what you can’t do is nothing. There’s a 
price you pay because of that uncertainty,” says Eu- 
gene Zimon, CIO of NStar, a Boston-based energy 
distribution company. 


CASE 1: Info is Power 


May 1. That’s when the final phase of 
energy deregulation is scheduled to take 
place in Ontario. 

One of the consequences of deregula- 
tion will be to force Toronto-based On- 
tario Power Generation Inc. (OPG) to 
shift from owning about 90% of Ontario’s 
power-generation sites to owning just 
35%. As the company sells its existing fa- 
cilities and purchases new plants outside 


ing plants | 
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Ontario, its IT infrastructure must be scalable, says 
Syed Mir, vice president of electricity production 
and corporate systems at OPG. That way, “if you sell 
a station, you just unplug it,” says Don Gagnon, se- 
nior engineer for IT at OPG’s Niagara plant. 

The goal is to establish an infrastructure that lets 
each OPG plant be managed separately, while creat- 
ing enterprisewide systems so employees at the 
plants and corporate offices have access to financial 
and operational data across the company, says Mir. 

“We've always believed we were data-rich but in- 
formation-poor,” he says. 

That’s where Chicago-based Industrial Peer-to- 
Peer LLC’s eDNA data historian suite comes in. OPG 
already piloted the system at its Niagara site, and it is 
now implementing it at its largest hydroelectric and 
fossil-fuel sites. The next step for eDNA will be to in- 
tegrate plant equipment data with main- 
tenance and planning systems. 

The eDNA suite compiles historical 
and real-time data about plant equipment 
and systems operations, analyzes that 
data and presents it in customized for- 
mats via client servers or the Web. It pro- 
vides a central data repository using a 
standard format that can be viewed by 
anyone at OPG. 

Graphical displays present the existing 
plant conditions, such as temperature and 
steam pressure, as well as the optimal 
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conditions and the deviation between the two. That 
data, which is updated in real time, is tied to financial 
systems, providing information about average losses 
for the year to date, as well as projected losses if con- 
ditions are left as they are. So, for instance, OPG can 
determine the commercial value of the water that’s 
being spilled at a plant, says Gagnon. 

Because of eDNA’s data compression tool, OPG 
can store lifetime data on its intranet, Gagnon ex- 
plains. During the pilot, OPG was able to store 12,000 
points of data in up to two-second intervals using 
only 8GB to 10GB. 

“Our power stations are massive facilities spread 
across a massive territory, and eDNA is a way of see- 
ing what’s happening in that massive system at one 
time,” says Barry Walchuk, manager of systems inte- 
gration at OPG. 

But eDNA is just one piece of the puzzle for OPG 
as it shifts to a newly competitive environment. It has 
recently installed a variety of financial risk manage- 
ment tools, including billing and customer relation- 
ship management systems, says CIO Dietmar Reiner. 

OPG spun off nearly 600 of its IT staff into a sepa- 
rate company called New Horizon System Solutions. 
Now, OPG (and its new competitors) will be able to 
buy support from Pickering, Ontario-based New 
Horizons based on need. 

“In terms of getting where we need to go, we will 
never get there, because that would mean that you're 
stagnant,” says Reiner. 
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CASE 2: IT Overhaul 


It’s been more than six months since the heat wave 
that left tens of thousands of Boston-area businesses 
and residents without power for days, and the Mass- 
achusetts attorney general is still fighting to levy a 
$22.5 million fine on NStar. He charges that the out- 
ages were due to negligent maintenance on the part 
of the utility. But it’s not just customers, regulators 
and politicians who came down hard on NStar. 

After completing an internal audit, “we didn’t like 
what we found,” says Eugene Zimon, who was hired 
as NStar’s CIO after the outages. Since then, Zimon 
has developed a multiyear 
plan to overhaul NStar’s IT 
infrastructure. The proposed 

, oe changes are aimed at im- 
a os proving outage management, 
outages as sole 

customer service, meter- 
ing/billing and work-man- 
agement processes. 

To be effective, the sys- 
tems must be separate com- 
ponents so they can adapt to 
change but also be integrated 
with one another, Zimon says. 

He has set June 1 as a target date for the first of his 
goals for 2002: reducing outage restoration time and 
customer minutes lost by upgrading NStar’s outage 
management system. The idea is to automate and in 
tegrate all the pieces: the customer information sys- 
tem, the outage management and trouble-dispatch 
systems, the geographic information system (GIS) 
and the supervisory control and data acquisition 
(SCADA) system. In December, Zimon selected Fair- 
fax, Va.-based webMethods Inc.’s enterprise applica- 
tion integration tool for the project. 

Ideally, when an outage report comes into the call 


y: NStar 


Sob Upgrading 
and integrating 
outage manage- 
ment and customer 
service systems 


center, it gets routed to the outage management sys- 
tem. The system then integrates the GIS (which is 
used to maintain maps of NStar’s electric distribution 
network) with customer information to analyze the 
call pattern and determine the location, and possibly 
the cause, of the outage. Meanwhile, the SCADA sys- 
tem, which monitors the network, provides real-time 
updates to the outage management system to advise 
of any changes in the operating condition of circuits. 
Once the location is determined, a trouble crew is 
dispatched to assess the problem and determine the 
corrective action and needed resources. 

When power is restored, the customer information 
center is notified so it can inform customers that the 
problem has been fixed. Finally, a corrective work or- 
der is issued for long-term maintenance needs and to 
update records, says Zimon. “If one of those links is 
broken, we've got to fix it,” he says. 

Zimon’s next goal is to improve customer service 
and billing. He has started installing a customer in- 
teraction center that will serve as NStar’s multichan- 
nel front office, with integration to back-office billing 
and midoffice provisioning systems. 

Such changes are inevitable for an industry that’s 
just starting to understand the dynamics of competi- 
tion, says Ethan Cohen, an energy analyst at Boston- 
based Aberdeen Group Inc. 

“There’s just too much at stake in terms of creating 
shareholder value,” he says. D 
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CASE 3: From Chaos to Calm 


As industry pioneers, Chicago-based Exelon Corp.'s energy 
traders had to create their own techniques for operating in a 


complex, time-sensitive business. 


Their jury-rigged techniques worked, but just barely. Traders 
knew to push the scroll key 10 times, for instance, to get where 
they needed to be on their screens. Fluctuating rates, available 
transmissions and market rules were stored inside their heads. If a 


number was transposed when recording a trans- 
action or a price was misquoted, the deal would be 
voided or Exelon would face penalties from regula- 
tors, says Blake McLaughlin, an IT project manag- 
er at Exelon Power Team in Kennett Square, Pa. 

“It's amazing we made money during this 
time,” says Power Team spokeswoman Caryl 
Sabine. “It's really a testament to the traders,” 
adds Ron Swartz, who led the effort to overhaul 
the trading platform. 

In 1999, Swartz started shadowing traders to 
see how IT systems could automate and simplify 
their work. Traders worked on a fixed hourly 


schedule, explains George Barnes, 2 trader who teamed with 
Swartz on the systems development team. The first 20 minutes 
of the hour were spent making calls and lining up trades. The 
next 20 minutes were spent coordinating the transmission of 
power. The final 20 minutes were spent lining up the next hour's 


deals and straightening up loose ends. 


It was chaotic, says Swartz. After more than a year of brain- 
storming with traders, Swartz worked with McLaughlin to find 
commercial automated trading software, with no success. 

But there aren't canned solutions available, says Michael 
Erdien, vice president of IT at Exelon’s generation division. 
“Eight years ago, this industry didn’t exist at all, and the rules are 


changing all the time,” he says. 
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In July, Exelon Power Team rolled out its homegrown VizTrade 
system, which holds the data once stored in traders’ heads and 
lets them point and click on a screen to transact energy trades. 

VizTrade is linked to the traders’ telephones, so when they 
call a company, all of that company's data automatically pops up 
on the screen and thus it doesn’t have to be re-entered for each 
deal. From there, VizTrade presents a bubble map (created with 


East Windsor, N.J.-based Infragistics Inc.'s Inter- 
act Control software) showing sites of major utili- 
ties and routes that power can travel. The system 
automatically defaults to commonly used routes 
to save time. 

With VizTrade, deals can be made within sec- 
onds, and traders can get started scheduling and 
transmitting energy immediately, rather than 
waiting urttil all the deals have been lined up dur- 
ing ihat first 20 minutes. The system operates in 
a real-time distributed environment, so that as 
traders make deals, that information is updated 
instantly throughout Exelon’s offices, says 


Swartz. Color-coded circles tell traders whether a market is 
open, a deal is in progress or a trade has been closed. “Your first 
day, it’s just connect the dots,” says Barnes. 

Previously, it could take six to eight months to train a new 
trader, says Joe MacCrory, a trader who also worked on the sys- 
tem development team. Recently, with VizTrade, an intern was 
conducting trades after a five-minute tutorial. 

In addition to simplifying the process, VizTrade has multiplied 
the number of trades conducted. The return on investment can 
conceivably be realized on a busy summer day, says Swartz. 

But, Erdien quickly adds, “it's not a question of ROI. We need 
this to survive in our business.” 


~ Melissa Solomon 
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GAMES 
OMPUTER 


PLAY 


Computer game research represents a 
success story in the checkered history of 
artificial intelligence. By Gary H. Anthes 


RTIFICIAL intelli- 
gence (AJ) is a disci- 
pline that soared on 
the wings of opti- 
mism in the 1960s 
and 1970s, only to fall into dis- 
illusionment and even disre- 
pute in the ensuing years. But 
in that time, AI has triumphed 
in a realm few people think 
about or take seriously: com- 
puter game-playing. 
The biggest victory for 
game-playing computers was 


in 1997, when IBM’s Deep Blue 


defeated world chess champi- 
on Garry Kasparov in a six- 
game match. The supercom- 
puter, consisting of 512 spe- 
cially designed chips, could 
consider 200 million moves 
per second, vs. about two 
moves per second for Kas- 
parov’s wetware. 

Deep Blue’s tour de force 
was the culmination of an 


| eight-year, multimillion-dollar 


research project at IBM that 
led directly to advances in 


| chip design, parallel-process- 


ing techniques and algorithms. 
That research continues as 
part of IBM’s $100 million 
Blue Gene project, which 
during the next decade will 
build a machine operating at 

1 quadrillion floating-point 


| operations per second (1 peta- 


FLOPS) to attack problems 
such as protein folding, mole- 
cular dynamics and drug 


| design. 


Writing software and build- 
ing computers to play board 
games has taught computer 
scientists a great deal, and it 
has taught the artificial intelli- 


| gentsia much about AI. Now 


research is heading in new 
directions, where experts say 
new techniques are likely to 
find applications elsewhere. 





Jonathan Schaeffer, a com- 
puting science professor at the 
University of Alberta in Ed- 
monton, uses games to aid his 
Al research. He developed 
parallel-processing algorithms 
to search a database of | tril- 
lion checkers positions, and 
those same algorithms found 
their way into commercial 
products for gene sequencing 
at a company he co-founded, 
BioTools Inc. in Edmonton. 

Schaeffer says researchers 
once believed that the way to 
make computers play chess 
was to build into them the 
same expert rules and insights 
that the best players use. 

“They tried to simulate the 
human brain, but they quickly 


| discovered that, boy, that’s re- 
ally tough,” he says. “The in- 


novation was, ‘If we are not 
smart enough to tell the com- 
puter what chess positions to 


| 
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, AN AUDIENCE WATCHES GARRY KASPAROV on a TV screen contem- 


plating his next move against Deep Blue, IBM's chess-playing com- 
puter, during the second game of their six-game rematch on May 4, 
1997, in New York. After this game, it was Man 1, Machine 1, but Deep 
Blue took the sixth game and the match on May 11. 


look at, let’s just look at them 
all.’” This “brute-force search,” 
previously disdained by AI 
workers, proved to be the sil- 
ver bullet. Today, the tech- 
nique populates commercial 
optimization programs, Scha- 
effer says. 

Research is now moving 
from games where raw search- 
ing is the answer, as it proved 
to be in chess and checkers, to 
those where that doesn’t work 
well. For instance, in card 
games, there are too many 
combinations to consider and 
players don’t know what cards 
other players have. Another 
example is a poker-playing 
program at the University of 
Alberta that uses a Monte Car- 
lo simulation to assess the 
probability of various out- 
comes and neural networks to 
analyze the betting and bluff- 
ing history of opponents. 

“We can generalize this 
technology so it has wider ap- 
plicability,” Schaeffer says. 
“For example, there are com- 
plex auctions with many play- 


Al RESEARCHERS USE GAMES LIKE Unreal Tournament to develop humanlike characters for training and education applications. 


ers and interactions. How 
much should I bid? What are 
the benefits to me, and what if 
I don’t get it? Who am I bid- 
ding against? Bluffing and mis- 
representation are critical is- 
sues in everyday dealings.” 

Meanwhile, AI research is 
seeking to advance the state of 
the art in interactive computer 
games of the sort that popu- 
late teenagers’ bedrooms. 

John Laird, a professor at 
the University of Michigan in 
Ann Arbor, is “hooking up AI 
systems” to commercial games 
| such as Raleigh, N.C.-based 
Epic Games Inc.’s Unreal 
; Tournament so that characters 
| in the games behave more re- 

alistically. “The idea of having 
| intelligent characters in train- 
ing and education is a big 
thing,” Laird says. He has a 
contract with the U.S. Depart- 
ment of Defense to develop 
Al-based game techniques as 
| replacements for expensive 
| flight simulators and the 
human operators who are 
used to train fighter pilots. 

Laird’s brother-in-law is an 
actor who works part-time at 
Northbrook, IIl.-based Allstate 
Insurance Co., where he helps 
train agents by posing as an 
indignant customer demand- 
ing more money for claims. 
“You could create these kinds 
of training environments with 
AI systems instead of my 
brother-in-law,” Laird says. D 

information on 


Li Ik computer games 


research, visit our Web site: 
| www.computerworld.com/q?27337 


For access to this 
article and additional 
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BY MICHAEL MEEHAN 
HESE DAYS, it seems as 
if the world is tied 
together with net- 
work cable. 

Although we may take a 
wired world for granted, the 
consequence is that we rely on 
wires to connect us to anything 
and everything we do. There 
are three types of cabling sys- 
tems in use: twisted pair, coaxi- 
al and optical fiber. 


Twisted Pair 


Twisted-pair cable is the tra- | 
ditional wiring used by tele- | 
phone companies: Two insu- | 
lated copper wires wrapped | 
around each other. Each pair 
carries information via differ- | 


ential signaling (also known as 
balanced input), wherein the 
desired signal generates equal 
but opposite currents in the 
two wires. 


The twisting keeps the two | 


wires as close together as pos- 


sible so both wires experience | 


the same total amount of inter- 
ference. If the wires simply ran 
parallel, they would be signifi- 
cantly susceptible to 
noise and interference. 


more 


aie “arn ° . | 
Twisted-pair cables come in | 


different categories. Lower- 
end categories are used pri- 
marily in homes, and higher- 
end categories are used as a 
cheaper alternative to coaxial 
cable in LANs. 

Twisted-pair cables can be 
bundled inside a larger cable. 
This allows for phones, mo- 


dems, Ethernet and the like to | 


be wired using only one cable. 


The smaller twisted pairs are | 


often color-coded to denote 


a shielded twisted pair. 
Coaxial 

Invented in 1929, coaxial ca- 
ble was used when AT&T 
Corp. built its first cross-conti- 





; use 
| wiring into their central of- 


TECHNOLOGY 


HOT TRENDS & TECHNOLOGIES IN BRIEF 


The Cables That Bind 


DEFINITION 


Unless it’s wireless, a network exists only because 
of the cables that connect the various computers, 
servers, printers and other devices. But a cable 
isn’t just a wire — it has to meet certain specifica- 
tions if the network is to function properly. 


Twisted-pair cable 
with RJ45 plugs 


} nental transmission system in 


1940. 

Coaxial cable (called “coax”) 
is best known from the cable 
TV hookups in homes. Like 
twisted-pair cable, coax in- 
volves two copper-based chan- 
nels that carry signals. The dif- 
ference is that both channels 
are contained ina single wire. 

The central copper wire is 
surrounded by a layer of insu- 
lation. Around the insulation is 


a braided copper mesh chan- 
| nel, and around that is the out- 
their use. The bundled cables | 
can also be shielded using a | 
rubberlike covering, often for | 
business uses. This is known as | 


side insulation for the wire. 

Coaxial is considered a stur- 
dier design than twisted pair, 
but it also costs more. Tele- 
phone companies sometimes 
coaxial cables for 


fices, but twisted pair is used 
more often. Business uses in- 
clude corporate Ethernet and 


the | 





Network Cables 


Coaxial cable with 
BNC (round) connectors 


© © 


LANs. Like twisted-pair cables, 
coaxial can also be bundled in 
larger cables. 


Optical Fiber 


With optical fiber, light puls- 
es are sent along a glass or 
plastic fiber, avoiding electro- 
magnetic interference and the 
need for retransmission that 
occurs with copper wire. 

While fiber can carry much 
more information than copper, 
light pulses dissipate over long 


distances. To solve this prob- | 
lem, a repeater is used to re- | 


ceive a signal, amplify it and re- 
transmit it along the next leg of 
the cable. Analog signals hold 
together better than digital sig- 
nals, so analog repeaters can be 


placed up to 18 kilometers apart | 


(a little more than 11 miles). 
Digital repeaters must be clos- 
er together, typically two to six 





Fiber-optic cable 
with SC connectors 


kilometers (one to four miles), 
but they can purge unwanted 
static from the signal, whereas 
analog repeaters pass along any 
static or interference. 

In a fiber-optic network, a 
repeater consists of a photo- 
cell, an amplifier and an LED 
or infrared-emitting diode. The 
diode fires the signal along the 
next segment of its trip. 

For longer distances, some- 
thing called single-mode fiber 
is used. This cable carries a 
single ray of light to ensure 
that a signal reaches its intend- 
ed destination. Single-mode 
fiber is commonly used in 
long-distance phone lines. 

Multimode fiber sends mul- 
tiple rays of light concurrently 
and is used for shorter dis 
tances. Multimode has a larger 
core than single mode, and 
rays are sent along at slightly 


@ Are there technologies or issues you would like to learn about in QuickStudy? Please send your ideas to quickstudy@computerworld.com. 
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differentiated reflection angles 
within that core. 

Glass fiber also requires a 
thicker coating for physical 
protection than a copper wire. 
Repeaters, thicker coating and 
labor-intensive installation all 
drive up the cost of optical 
fiber, which is one reason why 
it’s not normally used to con- 
nect local customers to a tele- 
phone company branch office 
despite the fact that it can car- 
ry a greater amount of infor- 
mation. [For more on optical 
fiber, see “Optical Network- 
ing,” Knowledge Center: En- 
terprise Networking, Jan. 21.] 


Connectors 

We can’t talk about cables 
without mentioning the plugs 
that allow us to connect them 
to devices. Each type of cable 
uses several different types of 
connectors, and standardiza- 
tion of these connectors is as 
important as the cable stan- 
dards themselves. 

Twisted-pair cables can 
have many different types of 
connectors. The two most 
common are Registered Jack 
(RJ) 11 and RJ45. RJll connec- 
tors are commonly used in U.S. 
telephones with four or six 
contact points. RJ45 connec- 
tors are similar but wider, with 
eight contact points, and are 
generally used in heavy-duty 
computing environments. 

Coaxial network cables gen- 
erally use Bayonet Neill-Con- 
celman (BNC) twist-lock con- 
nectors. 

The most common fiber-op- 
tic cable connectors are ST (a 
twist-lock device), FC/PC 
(which screws on) and the 


snap-in SC.D 
[Tnk@e@ Studies, visit Com- 
puterworld.com at 
www.computerworld.com/q?q3000 
w For details on the types of twisted-pair 
cabling, visit our Web site 
www.computerworld.com/q?27087 


w For a complete list 
of Technology Quick- 
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The Strange Case of 
e Phantom Intruder 





Could unauthorized activity be an inside job? 
Vince investigates — and finds an unlikely culprit 





BY VINCE TUESDAY 
URING THE PAST year and 
a half, I’ve written about 
many of the ups and 
downs of being an infor- 
mation security manager. 
I’ve been open about most issues, but 
I’ve never mentioned one big event be- 
cause — until recently — we hadn't re- 
solved it. 

About a year ago, we detected unau- 
thorized access to an inter- 
nal system. The attack 
could have been carried 
out only by an insider or by 
an external attacker who 
had working internal cre- 
dentials. 

It started one morning 
when a sales staff member 
came in to find that her 
desktop had changed 
overnight. She’d left her 
machine locked using a 
password-protected screen 
saver, but when she re- 
turned in the morning, her 
e-mail client was open and 
her browser had been tak- 
en to AltaVista Co.’s Web 
site. 

At first, we didn’t believe her. We re- 
ceive a small but regular number of 
alerts from staffers who think that the | 
slightest unusual machine behavior | 
proves that an evil hacker has taken | 
over their machines. We have a physical 
system that requires 
magnetic swipe cards at all doors in our | 
building, so it’s unlikely that an unau- 
thorized person could have gained 
physical access to the user’s system. 

Our initial hypothesis was that the 
user had left her screen unlocked or | 
had opened the applications herself be- 
fore she left. 

Because all Web access goes through 
our proxy server, we can trace activity 
back to a user and a desktop and extract | 
the time of access from our logs. We use 
a proprietary screen saver that down- 
loads news items from the Web and dis- 


access-control 
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plays them on locked screens. 

Our Web logs told us that the screen 
saver had been started at 6:03 p.m. The 
card-swipe system recorded the user 
leaving at 6:13 p.m. The Web logs 
showed that the AltaVista Web site had 
been accessed at 11:46 p.m. So the user 
hadn’t left her screen unlocked, nor had 
she opened the applications herself. 

We tried to think of possible explana- 
tions and kept coming up empty- 
handed. We knew it couldn’t 
have been the victim, unless 
she was involved in a con- 
spiracy with accomplices 
helping her fool the card- 
swipe system. But why 
would she notify us if she 
had carried out the attack? 

I gathered my team to 
brainstorm possibilities. Per- 
haps someone had her pass- 
word and unlocked the ma- 
chine. Maybe the machine 
had some kind of Trojan 
horse code installed. We 
swapped out the machine for 
a new one and created a 
forensic image of the hard 


drive before reformatting it. | 


We searched the image but 
could find no known Trojan horses. 

Had we been convinced that it was a 
Trojan horse, we would have called in 
law enforcement. They have access to a 
database that contains the “finger- 
prints” (called MDS hashes) of a large 
number of known files, including ven- 
dor-provided fingerprints of all of their 
software files. By excluding all the 


| known Microsoft files whose signatures 


matched the fingerprints in the data- 


| base, we could isolate any Microsoft 


files that had been tampered with. 


But we didn’t want to lose control of 
the investigation — or risk damage to | 


our organization’s reputation — so we 
put aside that line of investigation and 


might have done anything to annoy her 
co-workers. 
During that interview, the user men- 





tioned that she shared her password 
with her teammates. 

We shook our heads and shut down 
the investigation. 

Obviously, one of the other staff 
members had unlocked the machine at 
some point. We could take our work no 
further. Instead, we helped the staffers 
set up a central file share so they could 
make their public files accessible to one 
another without sharing desktop ac- 
counts. 

But a month later, the user was back. 
It had happened again: This time, 
www.thesource.compag.de had _ been 
opened, along with her e-mail. She 
swore that only she knew the password, 
so it must have been someone mali- 
cious. 

We considered adding a keyboard 
sniffer to log keystrokes so we could 
tell if the abuse came from the key- 
board or a piece of running code. Un- 
fortunately, the user was using a Com- 
paq Universal Serial Bus (USB) key- 
board instead of a standard PS/2 con- 
nector, so that was impossible. 


Closing In 

The attacker struck again a few 
weeks later, and this time, we got our 
first real bit of luck. By linking the 


times the suspicious usage had hap- | 


pened to the swipe-card records, we 


could find the 10 to 20 people who had | 


passed through the area each time. 
Only one name was on all three lists. 

We had him! An employee of our 
contract cleaning company had been in 
the room during every incident. He had 
the opportunity. Now all we needed 
was a motive. 

We called in physical security to 
arrange an interrogation of the suspect 


| while I searched around the user’s desk 
| to see if the cleaning worker could have 
| found any notes with passwords writ- 


ten on them that would have allowed | 


| him access to the user’s account. 


But there was nothing next to or un- 
der the system and its rather sleek, 
black keyboard. The keyboard — that 


| was it! I grabbed my phone and can- 
interviewed the user again to see if she | 


celed the interrogation. The service 


worker was guilty of nothing other than 


being the only cleaner to do such a 
good job. 
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MD5 hashes: RSA Security Inc. in 
Bedford, Mass., created the MD5 algo- 
rithm as a means to secure encrypted 
communications. The National Drug In- 
telligence Center (NDIC) in Johnstown, 
Pa., uses the HashKeeper forensic 
database to establish a unique 128-bit 
identifier that creates a signature for 
specific, known files. 


LINKS: 


www.gocsi.com/prelea/000321. 
html: |s it an inside job? In the San 
Francisco-based Computer Security In- 
stitute’s “Computer Crime and Security 
Survey,” 70% of 538 respondents cited 
their Internet connections as a frequent 
point of attack - but 31% also cited 

ttacks coming from their internal 
systems. 


www.hashkeeper.org/: The NDIC's 
HashKeeper Web site has established a 
Microsoft Access database of unique 
identifiers, or “hash values,” of known 
files for forensic use. Unfortunately, the 
database is available only to law en- 
forcement authorities. 


www.keyghost.com/: Christchurch, 
New Zealand-based KeyGhost Ltd.'s 
keyboard sniffer records keyboard activ- 
ity. It would have been useful in my in- 
vestigation, but it works only with key- 
boards using a PS/2 connector, not the 
USB device attached to our Compaq 
systems. 


What had I noticed? Compaq key- 
boards have a series of buttons along 
the top. Called “easy access” buttons, 
they serve as shortcuts to commonly 
visited Web sites, like www.altavista.com 
and www.thesource.compag.de, and to 
the user’s e-mail client. 

The cleaner simply brushed against 
these buttons while cleaning the key 
board. Although the workstation was 
locked, these keys still bypassed the se- 
curity lock and launched the Web sites 
and e-mail client. (Compag has since is- 


| sued a patch.) 


Once again, the threat came from nei- 
ther insiders nor malicious Internet at- 
tackers, but from IT vendors too keen 
to add new features. D 


Discuss this week's column and 
catch up on the latest security 
developments online at 
www.computerworld.com/q?q2000 


§ This week's journal is written by a real security manager, “ Vince Tuesday,” whose name and employer have been disguised for obvious reasons. Contact him at vince.tuesday@hushmail.com or go to the Security Manager's Journal forum. 





When your business is online, sealed documents, signatures and handshakes no longer work. 


Let RSA Security bring authenticity to your e-business. 


RSA 


SECURITY 


The Most Trusted Name in e-Security” 


www.rsasecurity.com 
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Proxima DX2 XGA ¢ 1000 Lumens ¢ 5.8 Ibs. 


XGA * 1000 Lumens «5 Ibs. $2,795 
DLP Technology 


You Supply the Message, $1,995 
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Proxima DP9280 
Epson PowerLite 700c XGA * 3000 Lumens ¢ 20.3 Ibs. 
XGA ¢ 800 Lumens ¢ 5.8 Ibs. Lens shift, power zoom/focus 


$1,995 $4,995 


ADTECH 


Empower your presentations 


| CALL 800-419-0023 

For the best deals in New, Used, B Steck and Closeout projectors, go to... 
IndustryEmail.com | www.adtech-sys.com/iw 

Epson * Hitachi ¢ InFocus * Mitsubishi * Panasonic ¢ Plus * Proxima * Sanyo * Toshiba * Viewsonic 
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Few companies see the full scope of 
the contribution IT can make to their 
business. Fireman’s Fund, a leading 
insurance company, will actively 
empower you to make that difference. 
Our Shared Services infrastructure 
positions you to make decisions with a 
tangible impact on the profitability of 
technological solutions. We'll give you 
the accountability you crave and 
inspire you to make the most of it — 
with lucid guiding principles, 
energized co-workers, and exceptional 
rewards. With your commitment, and 
that of our global parent, Allianz AG, 


there's nothing we can’t accomplish. 


MAKE YOUR 
~ OLD JOB 


NRO lehy 


Advance your coding, testing and debugging skills leading development of a platform-independent 
user interface for OS/2 applications. Create new N-Tier applications and critically analyze vendor 


proposals and solutions. 


Play a key role creating IT solutions to enable achievement of business goals. Interview users and 
conduct feasibility studies to determine system specifications, then implement testing and ongoing 
evaluation of solutions. Responsibilities range from promoting efficiencies within client business areas 


to facilitating workflow within IT. 


Manage multiple IT projects such as business applications, architecture, data marts, operational data 
stores and infrastructure. Take responsibility for the complete project lifecycle from developing tactical 


and strategic approaches to cost/benefit analysis and risk assessment 


Analyze requirements, design and program applications for Enterprise e-Business projects, working 
closely with consultants, business analysts and other developers. Applications will primarily be deployed 


on WebSphere servers running on AIX platforms. 


These are examples of the types of positions you may find at various locations of Fireman's Fund 

Be the first to hear about Fireman's Fund opportunities that are relevant to you, with our newly 
launched Career Navigator. Take two minutes to register and create your skills profile and we'll match it 
against every position that becomes available. When a good match comes up you'll instantly be notified 


by email, and can decide whether to take the next step. It’s a great way to let your perfect job find you 


www.firemansfund.com/careers/ita29.html 
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WEEa IT CAREERS 


experience 
e managing network operations team 
e resolving UNIX problems 


e working lots of overtime with little reward 


ready to experience 
e variety of leadership opportunities in IT 
e workplace that celebrates diversity 


© compensation that rewards performance 


STATE FARM 


So 


INSURANCE 


Get there with State Farm. 

Come to work on one of the world’s largest 

computer networks. And see your hard work 

pay off—in your salary and benefits. Plus, take 

advantage of opportunities to manage friendly 

people from a wide variety of backgrounds. 

These are just a few of the reasons we rank a 

13th in Computerward's “Best Places to Work.” SURE 


For more information, visit statefarm.com* NETWORK WORLD ’ 

or email jobopps.corpsouth @statefarm.com i 
COMPUTERWORLD, 
AND INFOWORLD 
Here You Do 


A BETTER JOB. 


Like a good neighbor, Staf 


State Farm insurance Compaities 


as | Now Let Us HELP 


You GET ONE. 


CALL: 
1-800-762-2977 
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Go careers.com 


Oracle Corporation has openings 
in Redwood Shores, CA, Miami 
FL, Orlando, FL, & other U.S 
locations for 

* Consultants 

* Software Engineers 

* Financial Analysts 

* Technical Contract Analysts 

* Sales Executives 

¢ Sales Managers 

* Sales Engineers 

Some positions require fluency 
in Spanish. Email resume to 
resumes_us@oracle.com 
Oracle supports workforce 
diversity. 


MILLIONS OF 


THOUSANDS 


TOTAL IMPACT 
TOTAL 





SAVINGS | 


| Put your message in 


IT careers and 


ITcareers.com and | 


reach the world’s 


best IT talent. 


FT < 


IT careers.com 


READERS | 
MILLIONS OF | 
SURFERS | 
ONLY | 


OF DOLLARS 
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Network Associates (Nasdaq: NETA), the world’s largest independent network 
security and management software company, and the eighth largest independent software 
company overall, is the culmination of best-of-breed technologies from the world's leading 
software developers. These leading brands are used by Network Associates' more than 
60 million customers around the globe and include McAfee anti-virus, PGP encryption, 
Gauntlet firewall, Magic Help Desk applications, and the Sniffer family of network 
analyzers. 


We currently have dynamic opportunities in Santa Clara, CA; Los Angeles, CA; Beaverton, 
OR; Rockville, MD; Dallas, TX; Herndon, VA; Wayne, NJ; Rego Park, NY; and Oakbrook 
Terrace, IL, for all levels: 


* Software Engineers * Security Products Manager 


* Quality Assurance Software Engineers * Sales (all divisions) 
* Programmer Analysts * System Analysts 
¢ Database Administrators * Customer Support 
* Hardware Design Engineer 
To apply, please send your resume to. 
Network Associates Human Resources 
3965 Freedom Circle, Santa Clara, CA 95054 


Or email your resume to jobs@nai.com 
Equal Opportunity Employer 
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Every day hiring managers turn to ITcareers.com 
for the best IT candidates. They know us and 
they know we can deliver. 


If you want a better challenge, we challenge you 
to find a better IT career site than ITcareers.com. 


(7) careers.com 


and 


EIS 


“Revealing” 
Uae ee 
“Well Researched” 
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SALARY 
an 


RHICONSULTING 


Technology Professionals 


A Robert Half ternational Company 


rhic.com * 800-793-5533 
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@ careers.com 


Amdocs, a leading developer 
of software solutions for the 
telecommunications industry is 
seeking team players with 
strong technical & personal 
skills for multiple openings in 
the following positions at our 
Champaign, IL location 

& Database Administrators 

-Administrate telecomm data- 
bases for conversion & migra 
tion projects. Req.: 3 yrs. exp. 
as database administrator or 
database analyst. Must have 
exp. w/4GL, VMS, X.25, & 
telecomm projects. 
> Systems Analysts 
-Design, develop, analyze & 
test new & existing functionali 
ties for telecomm software 
solutions. Req.: 2 yrs exp. as 
systems analyst or program- 
mer/analyst or systems engi- 
neer Must have exp 
w/COBOL, DB2, VSAM, Oracle 
and telecomm projects. 

Analyze, design, code & test 
general interfaces & 3rd party 
interflaces for telecomm cus- 
tomer care. Req.: 2 yrs exp. as 
systems analyst, program 
mer/analyst or software engi: 
neer. Must have exp. w/Ingres 
Oracle, C and either Tris+ or 
UNIX and exp. w/telecomm 
projects. 

Analyze existing & proposed 
telecomm systems to improve 
production or workflow as 
required. Req.: 2 yrs exp. as 
systems analyst or in a soft 
ware development occupation. 
Must have exp. w/COBOL 
Oracle, SQL & UNIX acquired 
through education or employ 
ment 
--Analyze, test & implement 
telecomm software systems 
including HP UX and high 
availability configuration. Req 
2 yrs exp. as systems analyst 
or in a software development 
occupation. Must have exp. 
w/ingres, Tris & Oracle & exp. 
witelecomm projects. 
~-Code, review, test & impie- 
ment telecomm software at 
client sites. Req.: 2 yrs exp. as 

S analyst or in a soft 

2 development/consulting 
occupation. Must have exp. 
w/COBOL, JCL, DB2 & VSAM 

-Develop, test, & maintain 
batch jobs for telecomm soft 
ware, including environmental 
setups. Req.: 2 yrs. exp. as 
systems analyst or program- 
mer. Must have exp. w/either 
Ingres, C, COBOL & UNIX or 
with ingr Oracle & SQL 
Must have telecomm project 
exp. 

Analyze database access 
patterns for telecomm billing 
software. Req.: 2 yrs. exp. as 
systems analyst or in a soft 
ware development occupation 
Must have exp. w/ingres, Tris, 
COBOL, Perl & telecomm pro 
ject exp 
All above positions require a 
Bachelor's Degree in 
Computer Science Math 
Physics, Engineering or a relat- 
ed discipline. 
> Jr. Systems Analysts 

Under supervision of Sr 
Systems Analyst, produce 
flowcharts & program specifi- 
cations for telecomm software 
Req.: Bach. Deg. in Comp. Sci 
Econ., Eng’g 
or a related discipline & exp. 
w/Visual Basic through educa 
tion or employment 

Provide tech support to back- 
end development team in cre: 
ation of tests, procedures & 
documentation. Req.: 2 yrs 
college study in Eng’g, Comp. 

ci., Electrical Sciences or a 

lated discipline & 2 yrs. exp. 
as jr. systems analyst or pro. 
grammer/analyst. Must have 
exp. w/ COBOL, JCL, DB2 & 

VSAM 








Due to the unpredictable 
growth of the telecommunica- 
tions industry, candidates for all 
positions listed must be willing 
to temporarily relocate to client 
sites throughout the U.S. 


Send resume to: Amdocs, Inc 
1390 Timberlake Manor 
Parkway Box CH21 
Chesterfield, MO 63017 

Fax: 314-212-7076 

jobs @ amdocs.com 


FT Manager of Software 
Development. Multiple positions. 
Responsibilities include: Manage 
the design, development and 
implementation of data base 
architecture and client/server 
systems supporting banking and 
financial industry software; man- 
age the design and development 
of financial fund transaction 
networks and messaging services 
utilizing SWIFT protocol, FIN 
services, Middlewear, FED, CHIPs 
and MQ series; manage the 
design and development of 
UNIX- and Windows NT-based 
database applications and data- 
base libraries utilizing Oracle 
Pro C, SQL, C++ and Java; and 
manage 6-8 Software and 
Hardware Engineers and other 
computer professionals. Must 
have an MA/MS or its foreign. 
educational equiv. in Comp. Sc 

Engineering or a related field 
and 3 years of exp. as a Software 
Eng., Sys. Analyst or a related 
occupation, or a BA/BS or its 
foreign/educational equiv. in 
Comp. Sc., Engineering or a 
related field and 5 years of 
progressive exp. as a Software 
Eng., Sys. Analyst or a related 
occupation. Must be willing to 
travel domestically and interna- 
tionally to client sites and to 
parent company in Israel, as 
needed. Salary: $96,400 per 
year and up, commensurate with 
experience 


FT Software Eng. Multiple posi- 
tions. Responsibilities include 
Design, develop and implement 
web-based transaction processing 
software products, middleware 
and distributed databases for the 
banking and financial indusiry 
utilize UML, MFC, ATL, WLE 
Tuxedo, CORBA, MQ Series, 
JAVA, ActiveX, DHTML, XML. 
JavaScript, Active Server Pages. 
HTTP, SSL, COM, C++, Oracle. 
SQL, Rational Rose Booch, 
Symantec Cafe, JDBC, RMI 
Domino WebServer, Lotus Notes 
4.5, Win NT and 95 family and 
Unix to lay the foundation and 
structure the design for four tier 
products. Must have 2a BA/BS or 
its foreign/educational equiv. in 
Comp. Sc., Engineering or related 
field and 3 years of exp. as a 
Software Eng., Sys. Analyst or a 
related occupation or an Assoc 
Degree or its foreign/educational 
equiv. in Comp. Sc., Engineering 
or related field and 5 years of 
exp. as a Software Eng., Sys 
Analyst or a related occupation. 
Must be willing to travel domes- 
tically and internationally to client 
sites and to parent company 
in Israel, as needed. Salary 
$72,000 and up, commensurate 
with experience. If interested 
submit resume in duplicate to: 


Ms. Nancy Tomaselli 
Fundtech Corporation 
157 Technology Parkway, 
Suite 100 
Norcross, Georgia 30092 


SOFTWARE CONSULTANT 


Analyze & evaluate existing or 
proposed software systems 
Dvip., implement & improve 
programs, systems & reiated 
procedures to process data 
using in-depth knowledge of the 
systems dvipmt. life cycle. Encode. 
test, debug & install operating 
programs & system software 
based on client specs. Dsgn 

dvip. & implement software 
packages in the SAP (ERP and 
CRM) environment utilizing 
knowledge of SAP modules. 
RDBMS tools & programming 
languages. B.S. (or equivalent) 
in Comp. Sci., Math, Engrg 

Business or Commerce plus 2 
yrs. exp. in either job offered 
or as Programmer Analyst or 
Software Engr. rqd. Experience 
must include SAP modules/envi- 
ronments; Oracle or Sybase 
RDBMS tools; & JAVA, PL/SQL 
or ABAP programming languages. 
High mobility preferred. 40 
hrs/wk, 8 am — 5 pm, $61 ,000/yr. 
Qualified applicants report/ 
submit resume to: JS Supervisor 
Greene County Team PA Career- 
Link, 4 West High Street, Way- 
nesburg, PA 15370-1324. Refer 
to Job Order No. WEB225260 


| Ber V aoe 


Business Analyst Supervisor. 
Plan and organize new product, 
conversion and other work unit 
projects and activities; meet with 
client management to identify 
and define business purpose 
and requirements for major 
products, new systems, policy 
changes or related products 
monitor status of project activity 
and data processing requests to 
ensure that deadlines are met. 
review programming specifica- 
tions to determine the impact of 
requested changes on other 
systems, programs and proce- 
dures; supervise the activities of 
subordinate work units (e.g 
client services, technical support 
roamer processing, interexchange 
processing); evaluate program 
ming and operational needs of 
work units to enhance effective- 
ness; evaluate system updates 
or enhancements; and review 
budget reports and prepare fore- 
casts to project expenses and 
revenue. Requirements: bachelor's 
or foreign degree equivalent 
in business administration, engi 
neering, or computer science 
plus four years of project man- 
agement experience. Salary 
$68,461. 40 hrs/wk, M-F, 8:00am 

5:00pm. For consideration 
please forward two resumes to: 
North Metro, Job Order #GA 
7051404, 2943 N. Druid Hills 
Rd., Atlanta, GA 30329 or the 
nearest Department of Labor 
Field Service Office 


Applications Programmer needed 
for Coral Gables information 
technology consulting firm to 
convert data from project speci- 
fications and statements of prob- 
lems and procedures to create 
computer programs. Min req 
Bach degree in computer science 
plus 2 yrs exp. Send resumes to 
SA Consulting LLC 2121 Ponce 
de Leon, #620 Coral Gables, FL 
33134 


Application Implementation 
Specialist 
Duties include using knowledge 
of Engineering & business 
understanding of pianning & 
scheduling concepts, with such 
computer software/techniques as 
SQL & Oracle8, dernand planning 
& forecasting, to install company 
products, such as FactoryWorks 
& eDapter, which allow better 
manufacturing automation for 
our clients. M.S. in Industrial, 
Mechanical or Electrical Eng. or 
related or B.S. + 5 yrs. exp. in 
application development accept- 
able in lieu of M.S. Ability to use 
C, C++, SQL, Oracie8. Travel 
required. Positions Available 
Multiple 
40.0 hr/wk. 9:00 - 5:00 


Applicants Send resume to: 
Mr. Jeff Slosar, President 
Triniti Corporation 
1940 North 13th St, Ste. 231 
Reading, PA 19604 


Computer Professionals: 

IT professionals with 2-5 years 
of progressive experience required 
by Software Development & 
Consulting firm in iselin, NJ for 
the following positions: 

Web Developers. 
Programmers/System Analysts: 
Software Engineers with C,C++ 
Java, VC++ 

Unix Systems Administrators: 
Project Managers 
Client/Server Developers & 
Networking Administrators. 
Oracle/Sybase/MS Sequel Server 
DBA's. 

Individuals must have Bachelors/ 
Masters Degree in Engineering 
or Science or Technology or 
Math or Commerce or Equivalent 
Please respond to HR Depart 
ment, CG-Vak Software (USA) 
Inc., 100 Wood Avenue South 
Suite #113, Iselin, NJ 08830 
or e- mail to mailto:murali@ 
cg-vak.com 


PROGRAMMER ANALYST 
Plan, develop, test, and docu- 
ment computer software for ERP 
application using BPCS software 
including evaluation of user 
requests, consultation with 
clients and providing technical 
assistance and training to users 
Must have a minimum of four 
years experience. Send resume 
to: HR, JGI, 201 West Passaic 
Street, Suite 300, Rochelle Park 
NJ 07662 


Software Engineer, Atlanta 
Develop, support & enhance of 
web based collaborative software 
tools in Unix & NT environment, 
integrate legacy systems, using 
Java, XML, DHTML, DCOM. 
EJB, JSP, Servietts, OOD-OOP. 
Req. BS in comp sci or engg & 3 
yrs exp as a programmer, analyst, 
or eng & knowledge of J2EE 
Resumes: S. O'Toole, MediaO- 
cean, 250 14th St, NW, 4th Fi 


Atlanta, GA 30318 
cna 


Data Process Programmer/Lead 
Analyst — design, develop, test 
maintain & implement the Mary- 
land Business Entity System 
using knowledge of & exp. w/ 
DB2, COBOL, CICS, IBM 
Mainframe & Xerox Printing 
Solutions; Requires B.S in 
computer science, information 
systems, engineering, math or 
physical sciences plus 5 years 
progressive exp. Mail resumes 
to Dept. of Assessments 
& Taxation, Attn: Personnel 
Administrator, 300 W. Preston 
Street, Room 511, Baltimore, 
MD 21201. 40 HR/WK. HRS 
8:00-5:00. 


Network Administrator needed 
for Miami telecommunications 
provider to monitor data com- 
munications network to ensure 
availability to all systems users 
and to resolve network problems. 
Min req. 2 yrs exp. Send resumes 
to Business Technology Services, 
Inc. P.O. Box 310426 Miami, FL 
33231 


Network Administrator needed 
for Miami travel consulting firm to 
monitor data communications 
network to ensure that network 
is available to all systems users. 
Min. req. 2 yrs. exp. Send 
resumes to BR Online Travel, 
P.O. Box 310668 Miami, Florida 
33231 


eScription, inc. is looking for an 
R&D Engineer for Language 
Modeling. Perform programming 
development w/a group of 
speech recognition engineers. 
Min req: BS or equiv in Physics, 
plus 2 yrs exp w/speech recog 
nition systems, expertise in large 
vocabulary language modeling & 
research techniques. Strong 
knowledge of C programming is 
essential. Send resume to 
HR@escription.com or 200 
Highland Ave, #401, Needham 
MA 02494. EOE 


Tcareers.com is 


the place where your fellow readers 


are getting a jump 


Stop in a visit. 


on even more of 


Software Engineer sought by 
company in Denver, CO special- 
izing in business software solutions 
to work in Denver & other unan- 
ticipated job sites in the US 
Design & develop software 
applications & software tools 
These software applications 
incorporate client/server archi- 
tecture &/or are web-based 
Additionally, design & develop 
middleware which allows different 
software applications to commu- 
nicate with one another. Analyze 
requirements. Create designs & 
design documentation. Code, 
test, & de-bug the software 
applications. Use XML technology, 
Visual C++, & JAVA in the design 
& development process. Engage 
in project management as 
required. Requires Bachelor's in 
computer science or related 
field; Working knowledge in 
developing middleware, C++ & 
JAVA (working knowledge may 
be gained through employment 
experience or in an academic 
program). 8am-5pm, M-F; 
$66,100/yr. (2 openings.) 
Respond by resume to James 
Shimada, Colorado Department 
of Labor & Employment, Empioy- 
ment & Training Division, Tower 
ll, #400,1515 Arapahoe, Denver. 
CO 80202, & refer to Job Order 
Number CO5012712 


Control Engineer: Design electrical 
control system using PC and 
Programmable Logic Controller, 
program control system, and 
configure software for graphical 
user interface. Design electrical 
control panel and wiring 
schematics. Req. MS or equivalent 
in EE or CS. Proficiency in PLC 
HMI and SQL. $65600, 40hr/wk, 
9-5, Position located in Duluth 
GA. Send resume to Innovative 
Control, Inc., Attn: Human 
Resources Manager, 624 Relia- 
bility Circle, Knoxville, TN 37932. 


the world's best jobs. 


See for yourself. 
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Special Projects Director for 
company located in Grand 
Prairie, Texas. 40-hour week, 
8a-5p, Masters or foreign degree 
equivalent in Computer Science 
and 1 year experience as a 
Systems Analyst. Supervise 1 
employee. Responsible for IT 
project management including 
planning, designing and imple- 
menting technology solutions in 
order to reduce production costs 
and increase efficiency. Fax 
resume to Human Resources 
972-642-9987 


Systems Analyst wanted in 
Houston, TX. Respond to: HR 
Dept., A-Z Services, Inc., 4523 
Bermuda, Sugarland, TX 77479. 


Software Engineer - SAP. Evalu- 
ate systems in conjunction with 
implementation of SAP system 
Modify system or develop new 
system. Coordinate business 
processes & execute training & 
documentation. implement various 
modules. Req: BS in Eng., Comp 
Sci, Comp Eng,. Elect. Eng, IT or 
related field with 2 years exp. 40 
hr-wk. Job/Interview Site: irvine. 
CA. Send resume to Emprise 
Consulting LLC, 166 Amherst 
Aisle, Irvine, CA 92612 


Corpinfo Services has a great 
opportunity for a Lotus Notes Sr. 
Engineer with 5 yrs experience 
managing large Domino projects 
on NT, Unix and AS/400 envi- 
ronments. Qualified candidate 
will have proven experience in 
Domino migration projects 
Domino cluster & partition 
servers. iNotes for Web Access 
and Outlook. Notes clients on 
Citrix Metaframe. Lotus Sametime 
and Domino. Doc deployment 
Please send resume to: Corpinfo 
Services, Attn: Director, DSG 
11840, W Olympic Bivd., Los 
Angeles, CA - 90064 
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IT careers and 

IT careers.com reach 
more than 2/3 of all 
US IT workers every 
week. If you need to 
hire top talent, start 
by hiring us. 


Call your IT careers 
Sales Representative 
or Janis Crowley at 
1-800-762-2977. 


ITCAREERS 
where the best get better 
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BUSINESS SOFTWARE ENGI- 
NEER: . Indus Valley Software, 
Inc. one of the fastest growing IT 
service companies requires a 
Business Software Engineer to 
research, analyze design and 
develop programs for business 
application systems. Evaluate 
and design SAP software 
applications, custom codes and 
conversions that automate 
specific business processes by 
utilizing different development 
tools, database environments 
and platforms. Need Bachelor's 
degree in Commerce/CS with 
one years experience as a soft- 
ware engineer or as a SAP 
F/3 programmer. Please send 
resumes to Mr. Ajay Wagh, Indus 
Valley Software Inc., 7457 
Harwin Drive, Suite # 208, Hous- 
ton, Texas 77036. 


Megasoft Systems, Inc. a SAP 
Consulting firm, is in the process 
of developing tools in the 
customer service area for mid- 
size utility companies. We have 
immediate, multiple openings for 
experienced Programmer Ana- 
lysts to assist in the development 
of tools for the utility industry 
using SAP R/3 software, 
ABAP/4 languages, & IS-U/ 
CCS. Requires B.S. Computer 
Science or related field or equiv. 
& min. 2 yrs. experience in job 
offered; good communication 
skills, & must be highly motivated. 
We offer a competitive salary 
& benefits package. Qualified 
candidates send resume to 
Attn: Chad Wickes 

Megasoft Systems, Inc 

2550 Middle Road; Suite 300 
Bettendorf, |A 52722 


Software Engineer - SAP. Evaluate 
systems in conjunction with 
implementation of SAP system 
Modify system or develop new 
system. Coordinate business 
processes & execute training & 
documentation. implement various 
modules. Req: Masters in Engi 
neering and 2 years exp. 40 hr- 
wk. Job/Interview Site: San 
Dimas, CA. Send resume to 
Sun Technosoft, 1557 Avenida 
Entrada, San Dimas, CA 91773 


Designer (Web Sites). Design 
contemp. art & copy layouts inc. 
annual reports, publications. 
displays & conference material 
for websites. Create designs for 
animation & Java Scripts. Req 
Bachelor's in Graphic Design or 
Business Admin. with emp. on 
websites designing. 40-hr. wk 
Job/Iinterview Site: Culver City, 
CA. Please send resume to 
E-Design International, inc 

5209 Agustine Lane, Culver City, 
CA 90230. 


SAS Programmer Analyst 
Develop and write computer 
Programs utilizing statistical 
tools and methods. Bachelor 
degree in MIS, Econ. Statistics, 
or sim. major req'd. as is 2 yrs 
exp. in statistical programming 
position. Prior exp. must include 
SAS. Competitive salary. Multiple 
openings. Resume to Wendell 
Tankersley, Resource Manager. 
Job No. 1886.24, Computer Task 
Group, Inc., 5875 Castle Creek 
Parkway,Suite 208, indianapolis, 
IN 46250. 


IT CAREERS 


TAKE ON A 
CHALLENGE! 


Quest Software, the leader in 
business application manage 
ment, thrives on challenge with 
an intense competitive spirit. If 
you share our passion for the 
cutting edge—and want to share 
in the rewards of success 

contact us about the following: 


* Professional Services 
Consultants (Bachelors degree 
plus 1 yr of relevant experience) 
* Account Executives (enter- 
Pnse software sales professionals) 
* Senior Software Engineer 
(OS/390,DB2,C++) 

* Product Manager (currently 
working in directory security 
space) 

* DB2 OS/390 DBA (3 yrs DB2 
OS/380 admin, field position 60- 
70% travel) 

* DB2 UDB DBA (3 yrs DB2 
UDB admin, field position 60- 
70% travel) 


We offer competitive salaries 
and outstanding benefits. To be 
considered, please forward a 
resume to Quest Software, Inc 
8001 irvine Center Drive, Irvine 
CA 92618, attn: Staffing, e-mail 
careers @quest.com. An equal 
opportunity employer. 


QUEST SOFTWARE 


Technical Manager sought by 
company in Englewood, CO 
specializing in software develop- 
ment, sales & services to work in 
Westminster, CO & other unan- 
ticipated job sites in the US, 
Engage in full life-cycle software 
development of geographic 
information systems software 
applications in a personal com- 
puter or web environment. The 
applications incorporate relational 
database management systems, 
& the non-web based applica 
tions run on UNIX or Windows 
NT operating systems. Analyze 
requirements & create designs. 
Code, test, debug & enhance the 
software applications. Implement 
the applications & integrate them 
with clients’ existing architectures 
& systems. Mentor software 
developers & engage in project 
management as needed. Utilize 
C, C++, SQL, HTML, Java & pro- 
prietary languages & tools in the 
design & development process. 
Requires Bachelor's or foreign 
equivalent in computer science. 
geographic information systems 
or related field; 3 yrs 
of progressive experience in 
designing & developing geo 
graphic information systems 
software applications. 8am-5pm 
M-F; $104,000/yr. Respond by 
resume to James Shimada 
Colorado Department of Labor & 
Employment, Employment & 
Training Division, Tewer |, #400. 
1515 Arapahoe, Denver, CO 
80202, & refer to Job Order 
Number CO5012304 


Programmer Analyst sought by 
company in Denver, CO special. 
izing in business software solu- 
tions to work in Denver & other 
unanticipated job sites in the US 
Design & develop software 
applications & interoperability 
software infrastructure that allow 
the company's suites of applica- 
tions to access & operate with 
partner software solutions 
Analyze requirements. Create 
designs & design documentation 
Code, test, & de-bug the soft 
ware applications. Use JAVA 
C++, XML & object oriented 
Programming techniques in the 
design & development process. 
Requires Bachelor's in computer 
science or related field; 1 yr. 
designing & developing computer 
software application using JAVA. 
C++ & object oriented prograrn- 
ming techniques. 8am-5pm 
M-F; $58,000/yr. (2 openings.) 
Respond by resume to James 
Shimada , Colorado Department 
of Labor & Employment 
Employment & Training Division 
Tower II, #400, 1515 Arapahoe. 
Denver, CO 80202, & refer to 
Job Order Number CO5012752 


For over 20 years, Syntel employees across North America, Europe, and 
Asia have helped build advanced information technology systems for lead- 
ing Fortune 500 companies and government organizations to improve their 
efficiency and competitiveness. Today, Syntel professionals are building 
rewarding careers by providing solutions in e-business, CRM, Web Design 
and Data Warehousing. 


Come discover why Forbes magazine placed Syntel second on its list of 
“The 200 Best Small Companies in America” and Business Week ranked 
us #11 on its list of Hot Growth Companies. 


Due to our rapid growth, we have immediate, full-time opportunities for 
both entry-level and experienced Software Engineers, Consultants, 
Programmers, Programmer/Analysts, Project Leaders, Project Managers, 
Supervisors, Database Administrators, Computer Personnel Managers 
and Computer Operations/Account Managers/Account Executives with 
any of the following skills: 


Mainframe 
* IMS DB/DC or DB2, MVS/ESA, 
COBOL, CICS 


DBA 
* ORACLE or SYBASE * DB2 


Client-Server/WEB 
* Siebel ¢ Oracle Applications & Tools 
* Websphere * Lotus Notes Developer 
* Com/DCom ¢ UNIX System Administrator 
* Web Architects ¢ UNIX, C, C++, Visual C++, CORBA, 
© Datawarehousing OOD or OOPS 
* Informix, C or UNIX * WinNT 
* Oracle Developer or Designer 2000 = * Sybase, Access or SOL server 
¢ JAVA, HTML, Active X ¢ PeopleSoft 
© Web Commerce * Visual Basic 
* SAP/R3, ABAP/4 or FICO or MM © PowerBuilder 
& SD ° \EF 


¢ Focus, IDMS or SAS 


Account Executives, Account Managers and 


Business Development 
Positions available. 


Some positions require a Bachelor's degree, others a Master's degree. We also 
accept the equivalent of the degree in education and experience. 


With Syntel (NASDAQ: SYNT, you'll enjoy excellent compensation, full benefits, 
employee stock puzchase plan and more. Please forward your resume and salary 
requirements to: Syntel, Inc., Attn: Recruiting Manager-LD02, 2800 
Livernois Rd., Suite 400, Troy, Mi 48083. Phone: 248-619-2800; 

Fax: 248-619-2888. Equal Opportunity Employer. 


SYN TEL 
www.syntelinc.com 
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IT Career Opportunities 


ALABAMA 
Comsultant 


CALIFORNIA 


App. Support 


DB Admin 


ERP Prod. Specialist 


Staff Consult./Tech Anal. 
Tech. Bus. Team Lead 


Unix Sys. Admin. 


ILLINOIS 


Sr. Consult 


Staff Consultant 


MARYLAND 
Program/Anal 


Sr. Comp. Scientist 
Comp. Scientist 


MISSOURI 
Sr. ERP Prod. Specialist 


OHIO 
Bus. Designer 


Analyst 


VIRGINIA 


Staff Consultant/Team dr. 


Sr. Info. Eng 


Comp Scientist 


Comp. Scientist 
DB Admin. 
Sr. Member of Tech. Staff 


Sr. Tech/DB Specialist 


WEST VIRGINIA 
ERP Prod. Spocialis: 


eschr@csc.com 
KH-Cw-202 Kien 
Hale, 2100 E. Grand Ave., EI Segundo, CA 
90245 


HTTF 


OOO a sect re taney’ 
Read Ses 2 


Software Engineers and Service 
Consultants Needed 


Software Engineers design and 
develop ENOVIA’S Product Data 
Management Software according 
to customer requirements. 


Service Consultants provide 
customers with PDM/PLM/CAD 
product implementation consul- 
tancy, evaluate operational and 
performance requirements of 
customer systems, and imple- 
ment appropriate Product Data 

fanagement Software solutions 
that best address the needs of 
the customers. 


Positions require at least a 
Bachelor's degree in Computer 
Science, Engineering, or a 
closely related field as well as 
previous experience working 
with the design of software ap- 
plications. ENOVIA is a leader in 
developing and implementing 
innovative Digital Enterprise 
Solutions. ENOVIA offers a com- 
petitive salary and comprehen- 
sive benefits package. ENOVIA 
is an equal opportunity employer. 
Qualified applicants please 
forward your resume and salary 
requirements to enoviahr@ 
enovia.com 


Application Development & 
Support Manager. Manage pro- 
jects to design, develop, test & 
implement in-house information 
systems applications using client- 
server technology & object- 
oriented methodologies. identify 
& organize efforts to resolve 
system operating problems 
Prepare budgets & cost estimates. 
Manage training & help desk 
functions. Supervision of IT staff. 
Tools: ER-Win; Oracle; SQL 
Server; Access; Spy; VC++; Visual 
Basic; VinterDev. Bachelor's de- 
gree in Comp. Sci. or Comp. Eng 
+ 1 yr. exp. in job offered or as 
Consultant req'd. Prior exp. must 
include Visual Basic; Access 
ER-Win. 40 hrs/wk, 9am-5pm. 
$88,000/yr. Applicants must show 
proof of legal authority to work in 
the U.S. Send 2 copies of resume 
& cover letter to lilinois Dept. of 
Employment Security, 401 S 
State St.-7 North, Chicago, IL 
60605. Attn: Brenda Kelly. Ref# 
V-IL 27036-K. Employer Paid Ad 
No calls 


SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer 
programs for business applica 
tions; analyze software require 
ments to determine feasibility of 
design; direct software system 
testing procedures using expertise 
in Oracle 8.0, Perl and HP Open 
View. Requirements: Bachelor's 
Degree or equivalent in Com 
puter Science or related field 
and two years experience as a 
software engineer or computer 
programmer, knowledge of Oracle 
8.0, Perl and HP Open View. 
Salary: $72,000/year. Working 
Conditions: 8:00 A.M. to 5:00 
P.M., 40 hours/week, involves 
extensive travel and frequent 
relocation. Apply: JS Supervisor 
Greene County Team PA Career 
link, 4 West High Sr , Way 
nesburg, PA 15370 4, Job 
No. WEB222184 


SOFTWARE ENGINEER to 
design, develop, implement and 
maintain application software 
using ILE RPG, RPG IV, 
400, CL/400, EDI, CGI, HTML. 
SDA, SEU, RLU, DFU, DBU 
Query/400 SQL/400_—s and 
Net.Data on AS/400 platform 
Require: B.S. degree in Computer 
Science, an Engineering disci 
pline, or a closely related with 
five years of experience in the 
job offered or as a Programmer 
Systems Analyst. Competitive 
Salary offered. Send resume to 
Colleen Murphy, Director of HR. 
FlexSol Packaging Corp., 1531 
NW 12th Avenue, Pompano 
Beach, Fi 33069; Attn: Job PT. 


IT CAREERS 


Software Developer. Design 
develop, test & implement soft 
ware applications for business 
clients using client-server tech- 
nology & object-oriented method 
ology. Advanced GUI design 
Tools: CASE tools; Booch & 
Jacobs methodology; Forte, C++ 
Visual Basic; Rational Rose 
Select OMT; PowerBuilder; SQL 
Server; Oracle; Sybase. Bachelor's 
in Comp. Sci.* + 2 yrs. exp. in job 
offered or as Programmer or 
Technical Consultant req'd. (“Will 
accept Bachelor's in Mathematics 
or Systems Management.) Prior 
exp. must include: Forte; Power 
Builder. 40 hrs/wk, 9am-5pm 
$62,605/yr. Applicants must show 
proof of legal authority to work 
in the U.S. Send 2 copies of 
resume & cover letter to Illinois 
Dept. of Employment Security, 
401 S. State St.-7 North, Chicago, 
IL 60605. Attn: Brenda Kelly. 
Ref# V-IL 27078-K. Employer 
Paid Ad. No calls. 


SENIOR PROGRAMMER 
ANALYST to analyze, design, 
develop, test, implement, and 
maintain application software for 
the insurance industry using 
Java, serviets, Java Script, XML 
EJB, JDBC, J2EE, HTML 
DHTML, Oracle, Visual Cate and 
Weblogic under UNIX, SUN 
Solaris and Windows 2000/NT 
operating systems. Require 
B.S. degree in Computer Science. 
an Engineering discipline, or a 
closely related field with two 
years of experience in the 
job offered. Competitive salary 
offered. Apply by resume 
to: Robert C. Morrell, CTO, 
Risk Laboratories, LLC, 531 
Roseiane Street, NW, Suite 800. 
Marietta, GA 30060; Attn: Job 
SP. 


SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer pro- 
grams for business applications 
analyze software requirements 
to determine feasibility of design 
direct software system testing 
procedures using expertise in 
Jbuilder, Oracle 8i, PowerScript 
and UML. Requirements: Bach 
elor's Degree or equivalent in 
Computer Science or related 
field and two years experience 
as a software engineer or com- 
puter programmer, knowiedge of 
Jbuilder, Oracle 8i, PowerScript 
and UML. Salary: $80,000/year 
Working Conditions: 8:00 A.M 
to 5:00 P.M., 40 hours/week 
involves extensive travel and 
frequent relocation. Apply: Director 
Pittsburgh/Allegheny Co. Career 
Link, ATTN: JS Supervisor 
425 Sixth Avenue, Suite 2200 
Pittsburgh, PA 15219, Job No 
WEB222210 


Technical Recruiter 


Technical Recruiter to source. 

screen, interview and hire soft 

ware professionals in e-Business, 
internet, client/server, CRM/ERP 
and other areas to provide appli. 

cation integration and project 
management services. Respon 

sible for full life-cycle recruiting 

Hiring candidates in the US and 
internationally in skills like Siebel 
ATG Dynamo, Weblogic, Web 

Sphere and Blue Martini. Under 

stand and quaiify client require- 
ments and find/match candidates 
against those requirements 
Requirements: Bachelor's Degree 
or equivalent and three years 
relevant experience, multi-cul 

tural recruiting experience, tech 

nical background, familiarity with 
industry, technical issues and 
software terminology. Salary 
$65,374/year. Working Conditions: 
8:00 A.M. to 5:00 PM., 40 
hours/week, International travel 
is required. Apply: JS Supervisor, 
Green County Team PA Career- 
Link, 4 West High Street, 
Waynesburg, PA 15370-1324 
Job No. WEB223183. 


SOFTWARE ENGINEER 


Software engineer to design. 
develop and test computer pro- 
grams for business applications; 
analyze software requirements 
to determine feasibility of design. 
direct software system testing 
procedures using expertise in 
Java JDK 1.2, CGI-Perl, Oracle 
and JRun. Requirements: Bach- 
elor's Degree or equivalent in 
Computer Science or related 
field and two years experience 
as a software engineer or com- 
puter programmer, knowledge of 
Java JDK 1.2, CGI-Peri, Oracle 
and JRun. Salary: $66,000/year 
Working Conditions: 8:00 A.M 
to 5:00 P.M., 40 hours/week 
involves extensive travel and 
frequent relocation. Apply: JS 
Supervisor, Fayette County Team 
PA Careerlink, 32 lowa Street 
Uniontown, PA 15401-3513, Job 
No. WEB222177 


SOFTWARE ENGINEER 


Software engineer to design, de- 
velop and test computer pro- 
grams for business applications; 
analyze software requirements 
to determine feasibility of design 
direct software system testing 
procedures using expertise in 
Oracle Forms 4.5, Oracle 7.3 
Pro*C and Developer/2000. Re- 
quirements: Bachelor's Degree or 
equivalent in Computer Science or 
related field and two years expe 
rience as a software engineer or 
computer programmer, knowledge 
of Oracle Forms 4.5, Oracle 7.3. 
Pro*C and Developer/2000. Salary 
$66,000/year. Working Conditions 
8:00 A.M. to 5:00 P.M., 40 hours: 
week, invoives extensive travel 
and frequent relocation. Apply 
Manager, Washington County 
Team PA Careerlink, Millcraft 
Center, Suite 150LL, 90 West 
Chestnut Street, Washington, PA 
15301, Job No. WEB222182 


Midwest Consulting Group is 
seeking IT professionals. Positions 
are open for Sr. Programmer 
Analysts and Software Engi- 
neers for openings in Kansas 
City and Dallas metro areas 
Salary depends on qualifications 
Positions require a B.S. in 
Computer Science + 1 year 
of relevant experience. Send 
resume to: Patrick Borders 
MCG,2300 Main Street, Suite 
860, Kansas City, MO 64108 
Must have authority to work in 
the US. 


Software Developer for processing 
and encoding texts in Asian 
languages. Reqs: Masters + 2 


years exp. 


* statistical clustering methods 
* semantics indexing 
* multimedia databases and net- 


working 


Teragram, 236 Huntington Ave. 
#302, Boston, MA 02115, Attn 
Yves Schabes. NO CALLS 


SOFTWARE ENGINEER to 
design and develop integrated 
VoiceMail systems and speech 
recognition software using C 
C++, Visual C++, ATL, Dialogic 
Voice Cards, L&H software. 
COM, Visual Source Safe, ODBC 
SQL and Boundschecker on 
Windows NT platform; Integrate 
IBS and SMDI with switch and 
InBand signaling. Require: B.S 
degree in Computer Science. 
an Engineering discipline, or a 
closely reiated field with three 
years of experience in the job 
offered or as a Programmer. 
Analyst. Competitive salary 
offered. E-mail resumes to: 
job1 @teleco.com; Attn: Job AB. 
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SOFTWARE ENGINEER 


Software engineer to design, 
develop and test computer pro- 
grams for business applications, 
analyze software requirements 
to determine feasibility of design: 
direct software system testing 
procedures using expertise in 
Peri, Oracle, PL/SQL and IRIX 
Requirements: Bachelor's Degree 
or equivalent in Computer Sci 
ence or related field and two 
years experience as a software 
engineer or computer programmer, 
knowledge of Peri, Oracle, PL/ 
SQL and IRIX. Salary: $66,000/ 
year. Working Conditions: 8:00 
A.M. to 5:00 P.M., 40 hours; 
week, involves extensive travel 
and frequent relocation. Apply 
Manager, Armstrong County 
Team PA Careerlink, 1270 North 
Water Street, PO Box 759, 
Kittanning, PA 16201-0759, Job 
No. WEB222189 


SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer pro- 
grams for business applications 
analyze software requirements 
to determine feasibility of design 
direct software system testing 
procedures using expertise in 
Lotus Script, Notes Domino, 
Oracle and PL/SQL. Require- 
ments: Bachelor's Degree or 
equivalent in Computer Science 
or related field and two years 
experience as a software engi 
neer or computer programmer. 
knowledge of Lotus Script, Notes 
Domino, Oracle and PL/SQL 
Salary: $68,750/year. Working 
Conditions: 8:00 A.M. to 5:00 
P.M., 40 hours/week, involves 
extensive travel and frequent 
relocation. Apply: Manager, West- 
moreland County Careerlink, 300 
East Hillis Street, Youngwood 
PA 15697-1808, Job No. WEB 
222192. 


SOFTWARE ENGINEER 


Software engineer to design 
develop and test computer pro- 
grams for business applications 
analyze software requirements 
to determine feasibility of design, 
direct software system testing 
procedures using expertise in 
JSP, C, Oracle 8.0 and iPlanet 
Enterprise Server. Requirements: 
Bachelor's Degree or equivalent 
in Computer Science or related 
field and one year experience as 
a software engineer or computer 
programmer, knowledge of JSP, 
C, Oracle 8.0 and iPlanet Enter: 
prise Server. Salary: $66,000, 
year. Working Conditions: 8:00 
A.M. to 5:00 P.M., 40 hours) 
week, involves extensive travel 
and frequent relocation. Apply 
Manager, Beaver County Team 
PA Careerlink, 2103 Ninth Avenue, 
Beaver Falls, PA 15010-3957 
Job No. WEB222209. 
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Continued from page 1 


Apps Support 


ley Dean Witter & Co. in De- 
cember gave Oracle a “poor” 
rating on support (see chart). 

In addition, 32% of the re- 
spondents said the quality of 
Oracle’s support is declining. | 
And 52% said that Oracle isn’t 
a customer-centric company. 
The report, which was re- | 


leased last month, attributed 
much of the dissatisfaction to 
upgrade problems that many 


users encountered after Oracle | 


released its E-Business Suite lli 

applications two years ago. 
Terracon, a Kansas City, 

Mo.-based engineering con- 


sulting firm, has been working | 


to upgrade its systems to lli for 
the past 18 months. Frank Mi- 
lano, Terracon’s CIO, said he 
has had to install 10 large sets 


Software Patches Add to IT Workload 


A big source of frustration for some 
users of enterprise applications are 
the patches that vendors develop 
to fix bugs in their software. 

“I've found these patches fix 
things, but they also break things 
{in other parts of a system],” said 
Joe Imbimbo, an Oracle applica- 
tions database administrator at 
TMP Worldwide. Oracle's patches 
require extensive testing to judge 
their effects on the applications 
themselves and on supporting 


Continued from page 1 


Research 


storage and networking gear. 
“Things that we had slated to | 
buy in 2002 we bought in 2001 
because we could get such a 
good price,” Homa said. “Dis- | 
counts were 10% to 20% above 
normal for year-end discounts. 
It was a great time to buy tech- 
nology. We haven’t cut back on 
our research because we still 
think it’s very important.” 

What he needs most from 
his key research suppliers — 
Gartner Inc. and Boston-based 
AMR Research Inc. — is spe- 
cific product-evaluation data. 

But Hannaford’s case is an 
anomaly, according to AMR 
Research CEO Tony Friscia. 
“In a recession, most people 
aren’t buying anything new” in 
the areas of hardware or soft- 
ware, Friscia said. 

So AMR is retooling its re- 
search offerings to include ROI 
analysis models and bench- 


| 
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products, such as TMP’s Oracle 
databases, Imbimbo said. Oracle 
could save users time and effort if it 
better documented the parts of its 
applications that the new patches 
might affect, he added. 

Chuck Virag, an IT bureau chief 
for the Montana state government, 
said Pleasanton, Calif.-based Peo- 
pleSoft Inc. has improved its cus- 
tomer support since early last year. 
But Virag added that he remains 
cautious about installing patches 


marking tools to help users get 
the biggest bang from the hefty 


IT investments they have al- | 


ready made. 


AMR also reduced its work- | 


force by 10% in November, cut- 
ting 30 analysts and salespeo- 
ple from its staff, which now to- 
tals 235 people (see chart). But 
Friscia said this hasn’t nega- 
tively affected service to users, 
because the ratio of analysts to 
user clients remains the same. 
“We grew our staff pretty ag- 
gressively in the beginning of 
2001 on the assumption that 
we'd come in at revenue of $60 
million-plus,” he said. 


As it turned out, AMR post- | 
ed revenue of $48 million in 


fiscal 2001, up from $42 million 
in fiscal 2000 but well shy of its 
ambitious projection for last 


year. Meanwhile, the research 


firm’s client base shrank from 
1,060 to about 1,000. 


Gartner, which has 650 ana- | 


lysts and about 11,000 clients, 
who spend an average of 
$84,000 per year at the firm, is 
vin Dace 
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of patches. But the patching | 
process hasn’t always been 
smooth. Milano said it took 
three months to fix a data- 
transfer bug between Oracle’s 
accounts receivable and proj- 
ect management modules. | 
“Once we discovered the prob- 
lem, a simple patch ... should 
have taken days,” he said. 
Oracle isn’t alone in drawing 
criticism. Stamford, Conn.- 
based Gartner Inc. said in a re- 


issued by PeopleSoft. “We assume 
they have not been adequately test- 
ed,” he said. 

Frank Milano, ClO at engineering 
consulting firm Terracon, said Ora- 
cle typically releases packs con- 
taining multiple patches. That may 
be easier for some users, but Mi- 
lano said it puts a strain on smaller 
companies with limited IT re- 
sources. Oracle's “typical solution 
is to blow in a large patch set, and 
in many cases, that’s just not feasi- i 
ble [for us to install],” he said. j 

- Mare L. Songini 
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focusing more on company- 
specific research and consult- 
ing, said Gartner CEO Michael 
Fleisher. Revenue for this part 
of the business is up 8% over 
last year, he added. 

“Clients are looking for 
more consultative help and 


Analyze This 


AMR Research Inc. 
Reduced by 10% in November 


Gartner Inc. 
Reduced by about 6% last 
July and another 1% last month 


Giga Information Group Inc. 
Reduced by 20% in 2001 


Forrester Research Inc. 
Reduced by 22% last month 


Ipc 
Reduced by 4% iast July 


Meta Group Inc. 
Reduced by 15% last April and 
another 7% this month 
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port this month that it has re- 
ceived increased complaints 
about SAP’s support over the 
past six months. An informal 
survey of 19 users showed 


weaknesses in areas such as | 


the speed with which SAP re- 


solves support requests and | 


the quality of information it 


provides to users while fixes | 


are in the works, Gartner said. 

Frank Rutigliano, a senior 
project manager at the New 
York Power Authority in Al- 


| bany, said SAP’s support work- | 
ers are too quick to “wash their | 


hands” of technical problems 
and make users pay extra fees 
to get consulting help. 

Joshua Greenbaum, an ana- 
lyst at Enterprise Applications 


Consulting in Daly City, Calif. | 


said customer satisfaction on 
support is elusive throughout 


I talk to IT managers and CIOs, 
the consistent 


quality of software and support 
is below expectations,” he said. 


measurement services. These 


are very critical in a tough | 
| support issues affecting li up- 


economy,” Fleisher said. 

So is staying ahead of top 
management, which seems to 
be relying even more heavily 


on technology to pull through | 


the economic downturn, said 
Judy Zilka, an IT manager at 


The Andersons Inc., a $990 | 


million agricultural products 
company in Maumee, Ohio. 
That’s one reason Anderson 
retained its flat-rate subscrip- 
tion to Gartner’s Advisory Ser- 


vice. However, Andersons did | 
| TMP Worldwide Inc. But Im- 
ditional users to tap into the | 


reduce what it spends for ad- 


research. This is because the 
cost of each added user soared 
from $500 in 2001 to $15,000 
this year, Zilka said. 


zines and coming up 


ply technology to. It’s difficult 


to stay ahead, but if you stay | 


status quo with technology, 
you can’t compete,” she said. P 
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Support Calls 


How would you rate Oracle’s 
application support capabilities? 


Excellent | 1 
Good Bis 
Average QR 42 


wi 
“jC 
< 


Base: 139 members of the Oracle Appi 
Users Group (OAUG) surveyed in Dec: 


Poor 


No opinion 


A spokesman for SAP Amer- 
ica Inc. said SAP officials don’t 
view the Gartner survey as sta- 
tistically valid. Without offer- 
ing specific numbers, he said 
SAP’s own quarterly surveys 


| indicate that user satisfaction 
the applications market. “When | 


is trending upward. 

Likewise, Oracle pointed to 
a survey of 4,786 application 
users that it conducted in De- 


92% of the users indicated that 


| they planned to continue using 
| Oracle’s support services. In 


addition, Oracle officials said 
last fall that the quality and 


grades were “waning.” 

Several users last week said 
they think Oracle’s application 
support has improved from 
where it was three years ago, 
when the company made ma- 
jor changes in response to 
sharp complaints from users. 

Oracle’s support staff is bet- 
ter managed now, said Joe Im- 


| bimbo, an Oracle applications 


database administrator at New 
York-based recruiting firm 


bimbo said he would like to see 
Oracle release higher-quality 
patches (see related story). 

Pat Dues, chairwoman of the 


OAUG customer support coun- 

“The business people are | 
reading the computer maga- | 
with | 
strategies that we need to ap- | 


cil and a project manager in 
the Las Vegas city manager’s 
office, said users should bring 
problems to higher levels if 
need be. “I think some users 
tend to get lost in the chasm of 
Oracle support and _ slip 
through the cracks,” she said. D 
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FRANK HAYES/FRANKLY SPEAKING 


Pointed Questions 


T’S CALLED A PROXY HUNTER. That sounds a little more 
elegant than “security hole hunter,” which is really what this 
kind of software does. Among other things, proxy hunters use 
a word list to probe Web sites, looking for files that are on the 
server but not linked to a company’s home page. 

In December, a hacker pointed a proxy hunter at Comcast Busi- 
ness Communications’ Web site and hit pay dirt: a database of po- 
tential customers. He also found Web servers he could access using 
common log-ins and passwords such as user and test. 


The 21-year-old hacker didn’t pick Comcast’s 
site at random. According to a Feb. 8 Computer- 
world.com news story by reporter Todd Weiss, 
the hacker knew Comcast had just bought 
AT&T Broadband. And he figured that Com- 
cast’s Web administrators would be facing a 
huge amount of work in the wake of the buyout 
and that they’d probably get sloppy. 

He was right. They did get sloppy. There 
were those servers with easy-to-guess pass- 
words. And that database of customer leads — 
real customer leads, by the way, not the dummy 
data that should have been used with a Web ap- 
plication that was being tested. And other files 
that shouldn’t have been sitting on Web servers, 
without Web links but accessible to anyone who 
could guess the file names. 

At this point, maybe you're feeling some sym- 
pathy for Comcast. Most likely, though, you’re 
thinking that this couldn’t happen to your sys- 
tems. Your administrators wouldn’t really do 
things that dumb, right? Nobody on your staff 
would actually shortcut your procedures that 
way — would they? 

Maybe instead of congratulating yourself on 
how good you are, you should be asking some 
pointed questions. 

Do you have well-defined proce- 
dures for administering your Web 
servers? And have those procedures 
been vetted by a security expert to 
spot any glaring holes? And does 
everyone on your staff know what 
those procedures are — and actual- 
ly follow them? 

How often do administrators up- 
date and patch your Web server 
software? Who’s in charge of keep- 
ing track of reported security holes 
and vendor-issued patches? Where’s 
the database where that informa- 
tion is kept? 





FRANK HAYES, Computer- 
world’s senior news colum- 
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How often does an administrator catalog the 
complete contents of your Web servers and 
compare that against what’s supposed to be 
there? And when was it done last? 

When did an administrator last scan the serv- 
er logs for patterns that might spot hackers at 
work? Do your administrators use well-known 
hacking tools, such as proxy hunters, to find 
vulnerabilities? 

And when were the passwords on your servers 
last changed? 

Do your Web developers use your production 
servers to test their new applications? If so, do 
those test versions use dummy data or live in- 
formation? And do the developers delete the ap- 
plications after each test, or do they leave them 
up for anyone in the outside world to access? 

And — maybe most important — when your 
administrators’ workload takes a big jump be- 
cause of a merger or acquisition or major Web 
initiative, do you beef up the staff to make sure 
they’re not stretched thin? 

Because when they’re stretched too thin — 
well, that’s when a Comcast happens. 

As it turns out, there’s a happy ending to the 
Comcast incident — sort of. This particular 
hacker calls himself a security consultant, so he 
notified Comcast of the problems. 
Comcast denied its systems had any 
vulnerabilities. The hacker then 
posted some of the information on 
an Internet security forum. That’s 
when Comcast finally took notice — | 
and pulled its site down for security 
improvements. 

Comcast was lucky that this hack- 
er was fishing for business — not 
looking for a way to attack its sys- 
tems or steal its customer data. 

Which leads to the most pointed 
question of all: Will you be so 
lucky? D 
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IT SERVICES manager with no 
real technical background de- 
cides to cut costs by putting 
UPSes only on network servers 
and pulling them off all worksta- 
tions. “So a week later, during 
another all-too-frequent power 
hit, all the servers stay up,” says 
sysadmin pilot fish. “But no one 
can access them, since all admin 
functions are performed from the 
workstations that no longer have 
UPS protection.” 


NETWORK MANAGER turns 
thumbs down on IT pilot fish’s 
proposal calling for redundant 
ATM carriers. “It's never the car- 
riers that break down; it's always 
the local loop,” boss says. Less 
than a week later, a trans-Atlantic 
cable is cut and puts company’s 
entire Eurasian operations out of 
touch. “And when his boss asks 
why there was no redundancy, 
he states that his staff never 
suggested it,” says fish. 


ON AN OVERSEAS business 
trip, boss sends IT pilot fish an 
e-mail with strange instructions: 
Open the attachment, click on 
the box and enlarge it. Puzzled, 
fish opens the attachment to 
find a tiny box. “I drag the box 


: 


out and start to see text appear- 
ing. Then his logic dawned on 
me,” says fish. “He was trying to 
keep his attachment as small 

as possible.” 


WORK ORDERS are backing 
up for this company's desktop 
support technicians, reports a 
pilot fish - there's regularly a 
month's worth in the queue. 
That's too much, says IT manag- 
er, so he comes up with a policy 
that will trim the queues without 
hiring more staff: “All work or- 
ders older than three weeks will 
be deleted from the system.” 


CEO TAKES IT upon himself to, 
um, motivate the troops: “All my 
friends are billionaires, and I'm 
only a millionaire. It's embarrass- 
ing. | want you to make me a bil- 
lionaire!” We're writing pizza- 
delivery software, pilot fish points 
out. “Wait, I've got an idea,” says 
boss. “On the Web order form, 
write, ‘Smell the pizza.’ ” 


Feed the Shark: sharky@ 
computerworld.com. You get 
a sharp Shark shirt if your true 
tale of IT life sees print - or if it 
shows up in the daily feed at 
computerworld.com/sharky. 
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The 5th Wave 


tHe GLACIER Movement Provecr 
UPDATE. THEIR. WEBSITE 


Camera ready? Wait a minute, 
hold it. Ready? Wait for the 
action ... steady...steady... not 

yet...eeeasy. Hold it. Okay, 
stay focused. Ready? Not 
yet... steeeady...eeeasy... 


com 


©Rich Tennant, www.theSthwave. 
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WHAT’S THE LATEST SCOOP ON 


INTEGRATION? 


Free Webcast reveals what 


the infrastructure experts are saying. 


Pssst. Do you want to find out the secrets behind 
integrating your various applications and your multiple 
systems? Pssst. Want to unravel the mysteries behind 
linking your internal hardware and software with that 
vast network of suppliers, customers and business 
partners out there? 

Then what you should do next is hardly a 
puzzle. Sign up for a series of Webcasts on e-business 
infrastructure. The Webcasts are absolutely free when 
you register by phone or online. Each is thirty minutes 


long and sponsored by IBM and ITworld.com. In the 


first one, you'll hear expert discussion on the major 
integration challenges you face, including perhaps 
the biggest of all challenges — maximizing your ROL 
And these Webcasts aren’t just theory, either. Because 
each will conclude with thorough recommendations 
that will help you both develop a successful corporate 
strategy and point you to a full range of resources for 
additional information. 

So register now for our free online Integration 
Webcast. And get yourself the latest — absolut ly the 


very latest — on integration. 


CLICK OR CALL FOR A FREE WEBCAST. 


@ ibm.com/e-business/scoop 
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